Command injection in github.com/rancher/wrangler
Overview
Source
ID
GO-2023-1519
Aliases
CVE-2022-31249
GHSA-qrg7-hfx7-95c5
Affected package
Description
A command injection vulnerability exists in the Wrangler Git package. Specially crafted commands can be passed to Wrangler that will change their behavior and cause confusion when executed through Git, resulting in command injection in the underlying host.
A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.
Summary
339
Total packages affected
help_outline
Packages with at least one version that is affected by the advisory or has an affected dependency.
56
Packages with a known fix
help_outline
Packages with versions affected by the advisory that have a greater version that is not affected.
0.03%
Total ecosystem affected
help_outline
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.7.4-security1, Introduced: 0.8.0, Fixed: 0.8.5-security1, Introduced: 0.8.6, Fixed: 0.8.11, Introduced: 1.0.0, Fixed: 1.0.1
Patched/Unaffected
Affected