CVE-2022-28927
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-28927
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28927.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-28927
- Published
- 2022-05-19T16:15:07.963Z
- Modified
- 2025-11-14T13:08:52.950139Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
- References
Affected packages
Git / github.com/tindy2013/subconverter
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tindy2013/subconverter
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.7.2
Database specific
vanir_signatures
[
{
"digest": {
"length": 845.0,
"function_hash": "259509781383575194076030127458393994113"
},
"target": {
"file": "src/generator/config/nodemanip.cpp",
"function": "nodeRename"
},
"deprecated": false,
"id": "CVE-2022-28927-097fbad1",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 936.0,
"function_hash": "120144558944376038716666326901165210208"
},
"target": {
"file": "src/generator/config/nodemanip.cpp",
"function": "addEmoji"
},
"deprecated": false,
"id": "CVE-2022-28927-0eb00b63",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"338545122428861871429691488915455247789",
"200772283940007641301736675419329515907",
"249193650644317766291367232510792875927",
"48249621468777245612224269696919157974"
],
"threshold": 0.9
},
"target": {
"file": "src/generator/config/subexport.cpp"
},
"deprecated": false,
"id": "CVE-2022-28927-10b21ea2",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 16025.0,
"function_hash": "68445709000031332524011621302530271769"
},
"target": {
"file": "src/handler/interfaces.cpp",
"function": "subconverter"
},
"deprecated": false,
"id": "CVE-2022-28927-1bedc58b",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"38184234143551854430953235571966865589",
"199019713418822282068383034268708811964",
"187664432621830627626336405977651025775",
"303898551453791528540437062282712833696"
],
"threshold": 0.9
},
"target": {
"file": "src/handler/settings.h"
},
"deprecated": false,
"id": "CVE-2022-28927-39ffba9e",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"272180236190803384077581039876713184995",
"337525974262718244791059008275309178776",
"45693590855883608092513206710637743349",
"138404948008004436906753056840612479824"
],
"threshold": 0.9
},
"target": {
"file": "src/generator/config/subexport.h"
},
"deprecated": false,
"id": "CVE-2022-28927-4c0fa7be",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 986.0,
"function_hash": "196558245184345599413304203553150903103"
},
"target": {
"file": "src/generator/config/subexport.cpp",
"function": "groupGenerate"
},
"deprecated": false,
"id": "CVE-2022-28927-72e6b3fb",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 3780.0,
"function_hash": "201075664167984993253001476031114919860"
},
"target": {
"file": "src/generator/config/nodemanip.cpp",
"function": "addNodes"
},
"deprecated": false,
"id": "CVE-2022-28927-7cfdb7e4",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"256475900586497594565061200923420273085",
"26200362067498421376176561240662694476",
"83143073932275058233030526177704135909",
"173642351841019992801130714198601139242",
"285777057819666270287578096977855690283",
"239916305284554054789959660754805152324",
"173369305118071446425651090795419746348",
"305659003616553021762209333941254069705",
"224222081096339282781586640931451557366",
"280341859001341640227704303258695095376",
"59529319329304376427733611362831693475",
"289047087160005059016085052957547184886",
"91661193397978673972009858218208210814",
"61652276915242085458917827129796725188",
"240255950819135606143263445250573960626",
"168318540835906262512058200028935972432",
"261091070461111865743352351135573726308",
"222867480584463794881085523954523409170",
"245043193386902901152416675710301878249",
"322735503505077120104598266362995837922",
"315719641304638773107718365958028047871",
"246869364792251145136331387766175112039",
"245447614304576090768702617397043367721",
"214613345714229069361719409735488692835",
"26684248191480770023402528090273506687",
"133895057545911509730475983254651304081",
"240301710178886251064453377495200047213",
"27472109781921241935817684250938609000"
],
"threshold": 0.9
},
"target": {
"file": "src/handler/settings.cpp"
},
"deprecated": false,
"id": "CVE-2022-28927-8e0ded74",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 9533.0,
"function_hash": "115805550838069525950021802464296960690"
},
"target": {
"file": "src/handler/settings.cpp",
"function": "readConf"
},
"deprecated": false,
"id": "CVE-2022-28927-8ecff4c4",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"241063006537864921060524776673725920480",
"72919050273123263322294299880673941040",
"215461335715119335376797676120201414733"
],
"threshold": 0.9
},
"target": {
"file": "src/handler/interfaces.cpp"
},
"deprecated": false,
"id": "CVE-2022-28927-99b9f2ff",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 9329.0,
"function_hash": "141244377687438143516988183872240920351"
},
"target": {
"file": "src/handler/settings.cpp",
"function": "readYAMLConf"
},
"deprecated": false,
"id": "CVE-2022-28927-ab5c75c1",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 1299.0,
"function_hash": "76210728789571129635431835786818392631"
},
"target": {
"file": "src/generator/config/nodemanip.cpp",
"function": "preprocessNodes"
},
"deprecated": false,
"id": "CVE-2022-28927-c82802fb",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"length": 6503.0,
"function_hash": "316647142611184594576434641409571207874"
},
"target": {
"file": "src/handler/settings.cpp",
"function": "readTOMLConf"
},
"deprecated": false,
"id": "CVE-2022-28927-c86a1953",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
},
{
"digest": {
"line_hashes": [
"198906372156697715820319630576678806894",
"91021285207433122594555164950929376883",
"95363140249836527866197925287371529777",
"75257081543197597182808301106978088799",
"302458432708978033424252702468119433642",
"9650651562072460958422195750698730853",
"68739858142534844118586448345633972687",
"27203750936494394576703454954854971149",
"197554509633727142283748512439271266776",
"35403679111830034404974572256916419987",
"15248752157228626773720563960312279268",
"232005498609078662816508164927764927881",
"70145136640763619976803526149952070492",
"72761003550693856262929892268275576240",
"181126925487699852816993882951080568815",
"189170211905543349673688295163332543524"
],
"threshold": 0.9
},
"target": {
"file": "src/generator/config/nodemanip.cpp"
},
"deprecated": false,
"id": "CVE-2022-28927-d60de665",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"
}
]