Vulnerability Report: GO-2023-1519

CVE-2022-31249, GHSA-qrg7-hfx7-95c5
Affects: github.com/rancher/wrangler
Published: Feb 14, 2023
Modified: May 20, 2024

A command injection vulnerability exists in the Wrangler Git package. Specially crafted commands can be passed to Wrangler that will change their behavior and cause confusion when executed through Git, resulting in command injection in the underlying host. A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-qrg7-hfx7-95c5.

Affected Packages

Path

Go Versions

Symbols
github.com/rancher/wrangler/pkg/git

before v0.7.4-security1, from v0.8.0 before v0.8.5-security1, from v0.8.6 before v0.8.11, from v1.0.0 before v1.0.1
5 affected symbols

Aliases

References

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL