CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42906

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.2%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2022-42906

Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.0.0

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.0.0
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.0.1

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.0.1
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.0.2

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.0.2
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.0.3

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.0.3
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.0.4

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.0.4
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.1.0

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.1.0
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.1.1

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.1.1
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.2.0

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.2.0
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.2.1

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.2.1
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.3.0

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.3.0
Powerline Gitstatus Project » Powerline Gitstatus » Version: 1.3.1

cpe:2.3:a:powerline_gitstatus_project:powerline_gitstatus:1.3.1
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42906

Products

Pricing

Contact Us