"command execution" vulnerability, CVE-2022-36231 #16

Open
ajakk opened this issue Feb 26, 2023 · 2 comments

Comments

ajakk commented Feb 26, 2023

A CVE associated with this software was issued by MITRE, with a reference to this repository:

https://github.com/affix/CVE-2022-36231

Is there a fix? Is there an upstream report anywhere? I asked the CVE requester, but haven't heard anything from them yet.

@tomtaylor
Contributor

There is a patch under #15, but it hasn't been merged by someone with write access to the repo yet.

@larskuhnt

Hi, I see that the tag 0.5.4 was created, but the version is not available on rubygems. When do you plan to release 0.5.4?
