GHSA-h2g5-2rhx-ffgj

Source
https://github.com/advisories/GHSA-h2g5-2rhx-ffgj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-h2g5-2rhx-ffgj/GHSA-h2g5-2rhx-ffgj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-h2g5-2rhx-ffgj
Aliases
Withdrawn
2026-01-23T22:29:40Z
Published
2022-03-05T00:00:44Z
Modified
2026-01-23T22:53:41.109268Z
Summary
Duplicate Advisory: Command injection in Weblate
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-3872-f48p-pxqj. This link is maintained to preserve external references.

Original Description

Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate did not properly sanitize some arguments passed to Git and Mercurial, which allowed those arguments to change the tools' behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.

Database specific
{
    "nvd_published_at": "2022-03-04T17:15:00Z",
    "github_reviewed_at": "2022-03-14T23:12:25Z",
    "cwe_ids": [
        "CWE-77"
    ],
    "github_reviewed": true,
    "severity": "HIGH"
}
References

Affected packages

PyPI / weblate

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.11.1

Affected versions

1.*
1.9
2.*
2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.10.1
2.11
2.12
2.13
2.13.1
2.14
2.14.1
2.15
2.16
2.17
2.17.1
2.18
2.19
2.19.1
2.20
3.*
3.0
3.0.1
3.1
3.1.1
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.5.1
3.6
3.6.1
3.7
3.7.1
3.8
3.9
3.9.1
3.10
3.10.1
3.10.2
3.10.3
3.11
3.11.1
3.11.2
3.11.3
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1
4.1.1
4.2
4.2.1
4.2.2
4.3
4.3.1
4.3.2
4.4
4.4.1
4.4.2
4.5
4.5.1
4.5.2
4.5.3
4.6
4.6.1
4.6.2
4.7
4.7.1
4.7.2
4.8
4.8.1
4.9
4.9.1
4.10
4.10.1
4.11

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-h2g5-2rhx-ffgj/GHSA-h2g5-2rhx-ffgj.json"