Publish GHSA-pfpr-3463-c6jh

advisory-database[bot] · advisory-database[bot] · commit 72429fb916be · 2025-04-04T22:02:16.000Z
diff --git a/advisories/github-reviewed/2023/01/GHSA-pfpr-3463-c6jh/GHSA-pfpr-3463-c6jh.json b/advisories/github-reviewed/2023/01/GHSA-pfpr-3463-c6jh/GHSA-pfpr-3463-c6jh.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pfpr-3463-c6jh",
-  "modified": "2023-01-24T23:28:35Z",
+  "modified": "2025-04-04T21:59:57Z",
   "published": "2023-01-09T21:55:14Z",
   "aliases": [
     "CVE-2022-46648"
   ],
   "summary": "ruby-git has potential remote code execution vulnerability",
-  "details": "The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the `git ls-files` command using `eval()` to unescape quoted file names. If a file name was added to the git repository contained special characters, such as `\\n`, then the `git ls-files` command would print the file name in quotes and escape any special characters. If the `Git#ls_files` method encountered a quoted file name it would use `eval()` to unquote and unescape any special characters, leading to potential remote code execution. Version 1.13.0 of the git gem was released which correctly parses any quoted file names.\n",
+  "details": "The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the `git ls-files` command using `eval()` to unescape quoted file names. If a file name was added to the git repository contained special characters, such as `\\n`, then the `git ls-files` command would print the file name in quotes and escape any special characters. If the `Git#ls_files` method encountered a quoted file name it would use `eval()` to unquote and unescape any special characters, leading to potential remote code execution. Version 1.13.0 of the git gem was released which correctly parses any quoted file names.",
   "severity": [
     {
       "type": "CVSS_V3",
