CVE-2022-31249

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31249

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31249.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31249

Aliases

Published

2023-02-07T13:15:09Z

Modified

2025-01-08T09:01:39.933111Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

References

https://bugzilla.suse.com/show_bug.cgi?id=1200299

Affected packages

Git / github.com/rancher/wrangler

Affected ranges

Type: GIT
Repo: https://github.com/rancher/wrangler
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

12397eec50155cb2d24aa70bdf9e90c5f3b9a727

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2