Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"command execution" vulnerability, CVE-2022-36231 #16

Open
ajakk opened this issue Feb 26, 2023 · 2 comments
Open

"command execution" vulnerability, CVE-2022-36231 #16

ajakk opened this issue Feb 26, 2023 · 2 comments

Comments

@ajakk
Copy link

ajakk commented Feb 26, 2023

A CVE associated with this software was issued by MITRE, with a reference to this repository:

https://github.com/affix/CVE-2022-36231

Is there a fix? Is there an upstream report anywhere? I asked the CVE requester, but haven't heard anything from them yet.
@tomtaylor
Copy link
Contributor

There is a patch under #15, but it hasn't been merged by someone with write access to the repo yet.

@larskuhnt
Copy link

Hi, I see that the tag 0.5.4 was created, but the version is not available on rubygems. When Do you plan to release 0.5.4?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomtaylor @larskuhnt @ajakk