CVE-2022-31249
Command injection in github.com/rancher/wrangler
Severity: 7.5 HIGH (CVSS 3.1)
EPSS: 1.2%
Description
A command injection vulnerability exists in the Wrangler Git package. Specially crafted input passed to Wrangler can alter the behaviour of the Git commands it runs and be misinterpreted by Git, resulting in command injection on the underlying host. A workaround is to sanitize input passed to the Git package to remove potentially unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.
How to fix CVE-2022-31249
To remediate CVE-2022-31249, upgrade the affected package to a fixed version below.
- upgrade to 0.7.4-security1 or later
- upgrade to 0.7.4-security1 or later
Is CVE-2022-31249 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 0, < 0.7.4-security1
- >= 0, < 0.7.4-security1; >= 0.8.0, < 0.8.5-security1; >= 0.8.6, < 0.8.11; >= 1.0.0, < 1.0.1
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |