This advisory has been withdrawn because it is a duplicate of GHSA-3872-f48p-pxqj. This link is maintained to preserve external references.
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.
| Score | Percentile |
|---|---|
| 0.04% | 14.51% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-h2g5-2rhx-ffgj ↗ |
| CVE | CVE-2022-24727 ↗ |
| CWE id | Name |
|---|---|
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | Weblate | < 4.11.1 | 4.11.1 | — |