Vulnerability-Lookup

CVE-2022-24803 (GCVE-0-2022-24803)

Vulnerability from cvelistv5 – Published: 2022-03-31 23:30 – Updated: 2025-04-22 18:17

Title

Command Injection vulnerability in asciidoctor-include-ext

Summary

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/jirutka/asciidoctor-include-ex…	x_refsource_CONFIRM
https://github.com/jirutka/asciidoctor-include-ex…	x_refsource_MISC
https://github.com/jirutka/asciidoctor-include-ex…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
jirutka	asciidoctor-include-ext	Affected: < 0.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24803",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:37:30.670379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:17:46.997Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asciidoctor-include-ext",
          "vendor": "jirutka",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-31T23:30:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
        }
      ],
      "source": {
        "advisory": "GHSA-v222-6mr4-qj29",
        "discovery": "UNKNOWN"
      },
      "title": "Command Injection vulnerability in asciidoctor-include-ext",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24803",
          "STATE": "PUBLIC",
          "TITLE": "Command Injection vulnerability in asciidoctor-include-ext"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "asciidoctor-include-ext",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "jirutka"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29",
              "refsource": "CONFIRM",
              "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
            },
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155",
              "refsource": "MISC",
              "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
            },
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee",
              "refsource": "MISC",
              "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-v222-6mr4-qj29",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24803",
    "datePublished": "2022-03-31T23:30:14.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:17:46.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-24803",
      "date": "2026-06-06",
      "epss": "0.01055",
      "percentile": "0.77962"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24803\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-04-01T00:15:08.950\",\"lastModified\":\"2024-11-21T06:51:08.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.\"},{\"lang\":\"es\",\"value\":\"Asciidoctor-include-ext es el procesador de inclusi\u00f3n est\u00e1ndar de Asciidoctor reimplementado como una extensi\u00f3n. En versiones anteriores a 0.4.0, cuando son usadas para renderizar la entrada suministrada por el usuario en el marcado AsciiDoc, pueden permitir a un atacante ejecutar comandos arbitrarios del sistema en el sistema operativo anfitri\u00f3n. Este ataque es posible incluso cuando \\\"allow-uri-read\\\" est\u00e1 deshabilitado. El problema ha sido parcheado en los commits referenciados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asciidoctor-include-ext_project:asciidoctor-include-ext:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.4.0\",\"matchCriteriaId\":\"39AA2467-43AC-4113-A089-325768DC5A00\"}]}]}],\"references\":[{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"asciidoctor-include-ext\", \"vendor\": \"jirutka\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.4.0\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Asciidoctor-include-ext is Asciidoctor\\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-03-31T23:30:14.000Z\", \"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\"}], \"source\": {\"advisory\": \"GHSA-v222-6mr4-qj29\", \"discovery\": \"UNKNOWN\"}, \"title\": \"Command Injection vulnerability in asciidoctor-include-ext\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security-advisories@github.com\", \"ID\": \"CVE-2022-24803\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Command Injection vulnerability in asciidoctor-include-ext\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"asciidoctor-include-ext\", \"version\": {\"version_data\": [{\"version_value\": \"\u003c 0.4.0\"}]}}]}, \"vendor_name\": \"jirutka\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Asciidoctor-include-ext is Asciidoctor\\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\", \"refsource\": \"CONFIRM\", \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\"}, {\"name\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\", \"refsource\": \"MISC\", \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\"}, {\"name\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\", \"refsource\": \"MISC\", \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\"}]}, \"source\": {\"advisory\": \"GHSA-v222-6mr4-qj29\", \"discovery\": \"UNKNOWN\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.529Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24803\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:37:30.670379Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:37:32.009Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"assignerShortName\": \"GitHub_M\", \"cveId\": \"CVE-2022-24803\", \"datePublished\": \"2022-03-31T23:30:14.000Z\", \"dateReserved\": \"2022-02-10T00:00:00.000Z\", \"dateUpdated\": \"2025-04-22T18:17:46.997Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-24803

Vulnerability from fkie_nvd - Published: 2022-04-01 00:15 - Updated: 2024-11-21 06:51

Severity

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155	Exploit, Patch, Third Party Advisory
security-advisories@github.com	https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29	Third Party Advisory

Impacted products

	Vendor	Product	Version
	asciidoctor-include-ext_project	asciidoctor-include-ext	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asciidoctor-include-ext_project:asciidoctor-include-ext:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AA2467-43AC-4113-A089-325768DC5A00",
              "versionEndExcluding": "0.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits."
    },
    {
      "lang": "es",
      "value": "Asciidoctor-include-ext es el procesador de inclusi\u00f3n est\u00e1ndar de Asciidoctor reimplementado como una extensi\u00f3n. En versiones anteriores a 0.4.0, cuando son usadas para renderizar la entrada suministrada por el usuario en el marcado AsciiDoc, pueden permitir a un atacante ejecutar comandos arbitrarios del sistema en el sistema operativo anfitri\u00f3n. Este ataque es posible incluso cuando \"allow-uri-read\" est\u00e1 deshabilitado. El problema ha sido parcheado en los commits referenciados"
    }
  ],
  "id": "CVE-2022-24803",
  "lastModified": "2024-11-21T06:51:08.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-01T00:15:08.950",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-V222-6MR4-QJ29

Vulnerability from github – Published: 2022-03-31 23:27 – Updated: 2023-05-16 15:46

Summary

Command Injection vulnerability in asciidoctor-include-ext

Details

Impact

Applications using Asciidoctor (Ruby) with asciidoctor-include-ext (prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. ~~This attack is possible even when allow-uri-read is disabled!~~ (EDIT: it’s not)

Patches

The vulnerability has been fixed in commit c7ea001 (and further improved in cbaccf3), which is included in version 0.4.0.

Workarounds

require 'asciidoctor/include_ext'

class Asciidoctor::IncludeExt::IncludeProcessor
  # Overrides superclass private method to mitigate Command Injection
  # vulnerability in asciidoctor-include-ext <0.4.0.
  def target_uri?(target)
    target.downcase.start_with?('http://', 'https://') \
      && URI.parse(target).is_a?(URI::HTTP)
  rescue URI::InvalidURIError
    false
  end
end

References

https://sakurity.com/blog/2015/02/28/openuri.html

Credits

This vulnerability was discovered by Joern Schneeweisz from the GitLab Security Research Team.

For more information

See commit message c7ea001.

If you have any questions or comments about this advisory open an issue in jirutka/asciidoctor-include-ext.

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "asciidoctor-include-ext"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-31T23:27:15Z",
    "nvd_published_at": "2022-04-01T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nApplications using [Asciidoctor (Ruby)](https://github.com/asciidoctor/asciidoctor) with [asciidoctor-include-ext](https://github.com/jirutka/asciidoctor-include-ext) (prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. ~~This attack is possible even when `allow-uri-read` is disabled!~~ (EDIT: it\u2019s not)\n\n\n### Patches\n\nThe vulnerability has been fixed in commit c7ea001 (and further improved in cbaccf3), which is included in version [0.4.0](https://rubygems.org/gems/asciidoctor-include-ext/versions/0.4.0).\n\n### Workarounds\n\n```rb\nrequire \u0027asciidoctor/include_ext\u0027\n\nclass Asciidoctor::IncludeExt::IncludeProcessor\n  # Overrides superclass private method to mitigate Command Injection\n  # vulnerability in asciidoctor-include-ext \u003c0.4.0.\n  def target_uri?(target)\n    target.downcase.start_with?(\u0027http://\u0027, \u0027https://\u0027) \\\n      \u0026\u0026 URI.parse(target).is_a?(URI::HTTP)\n  rescue URI::InvalidURIError\n    false\n  end\nend\n```\n\n### References\n\n* https://sakurity.com/blog/2015/02/28/openuri.html\n\n### Credits\n\nThis vulnerability was discovered by Joern Schneeweisz from the GitLab Security Research Team.\n\n\n### For more information\n\nSee commit message c7ea001.\n\nIf you have any questions or comments about this advisory open an issue in [jirutka/asciidoctor-include-ext](https://github.com/jirutka/asciidoctor-include-ext/issues/).",
  "id": "GHSA-v222-6mr4-qj29",
  "modified": "2023-05-16T15:46:19Z",
  "published": "2022-03-31T23:27:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jirutka/asciidoctor-include-ext"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/asciidoctor-include-ext/CVE-2022-24803.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Command Injection vulnerability in asciidoctor-include-ext"
}

GSD-2022-24803

Vulnerability from gsd - Updated: 2022-03-31 00:00

Details

### Impact Applications using [Asciidoctor (Ruby)](https://github.com/asciidoctor/asciidoctor) with [asciidoctor-include-ext](https://github.com/jirutka/asciidoctor-include-ext) (prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! ### Patches The vulnerability has been fixed in commit c7ea001 (and further improved in cbaccf3), which is included in version [0.4.0](https://rubygems.org/gems/asciidoctor-include-ext/versions/0.4.0). ### Workarounds ```rb require 'asciidoctor/include_ext' class Asciidoctor::IncludeExt::IncludeProcessor # Overrides superclass private method to mitigate Command Injection # vulnerability in asciidoctor-include-ext <0.4.0. def target_uri?(target) target.downcase.start_with?('http://', 'https://') \ && URI.parse(target).is_a?(URI::HTTP) rescue URI::InvalidURIError false end end ``` ### References * https://sakurity.com/blog/2015/02/28/openuri.html

Aliases

CVE-2022-24803

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24803",
    "description": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.",
    "id": "GSD-2022-24803"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "asciidoctor-include-ext",
            "purl": "pkg:gem/asciidoctor-include-ext"
          }
        }
      ],
      "aliases": [
        "CVE-2022-24803",
        "GHSA-v222-6mr4-qj29"
      ],
      "details": "### Impact\n\nApplications using [Asciidoctor (Ruby)](https://github.com/asciidoctor/asciidoctor)\nwith [asciidoctor-include-ext](https://github.com/jirutka/asciidoctor-include-ext)\n(prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may\nallow an attacker to execute arbitrary system commands on the host operating system.\nThis attack is possible even when `allow-uri-read` is disabled!\n\n### Patches\n\nThe vulnerability has been fixed in commit c7ea001 (and further improved in cbaccf3),\nwhich is included in version\n[0.4.0](https://rubygems.org/gems/asciidoctor-include-ext/versions/0.4.0).\n\n### Workarounds\n\n```rb\nrequire \u0027asciidoctor/include_ext\u0027\n\nclass Asciidoctor::IncludeExt::IncludeProcessor\n  # Overrides superclass private method to mitigate Command Injection\n  # vulnerability in asciidoctor-include-ext \u003c0.4.0.\n  def target_uri?(target)\n    target.downcase.start_with?(\u0027http://\u0027, \u0027https://\u0027) \\\n      \u0026\u0026 URI.parse(target).is_a?(URI::HTTP)\n  rescue URI::InvalidURIError\n    false\n  end\nend\n```\n\n### References\n\n* https://sakurity.com/blog/2015/02/28/openuri.html",
      "id": "GSD-2022-24803",
      "modified": "2022-03-31T00:00:00.000Z",
      "published": "2022-03-31T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 10.0,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Command Injection vulnerability in asciidoctor-include-ext"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24803",
        "STATE": "PUBLIC",
        "TITLE": "Command Injection vulnerability in asciidoctor-include-ext"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "asciidoctor-include-ext",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 0.4.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "jirutka"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29",
            "refsource": "CONFIRM",
            "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
          },
          {
            "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155",
            "refsource": "MISC",
            "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
          },
          {
            "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee",
            "refsource": "MISC",
            "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-v222-6mr4-qj29",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2022-24803",
      "cvss_v3": 10.0,
      "date": "2022-03-31",
      "description": "### Impact\n\nApplications using [Asciidoctor (Ruby)](https://github.com/asciidoctor/asciidoctor)\nwith [asciidoctor-include-ext](https://github.com/jirutka/asciidoctor-include-ext)\n(prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may\nallow an attacker to execute arbitrary system commands on the host operating system.\nThis attack is possible even when `allow-uri-read` is disabled!\n\n### Patches\n\nThe vulnerability has been fixed in commit c7ea001 (and further improved in cbaccf3),\nwhich is included in version\n[0.4.0](https://rubygems.org/gems/asciidoctor-include-ext/versions/0.4.0).\n\n### Workarounds\n\n```rb\nrequire \u0027asciidoctor/include_ext\u0027\n\nclass Asciidoctor::IncludeExt::IncludeProcessor\n  # Overrides superclass private method to mitigate Command Injection\n  # vulnerability in asciidoctor-include-ext \u003c0.4.0.\n  def target_uri?(target)\n    target.downcase.start_with?(\u0027http://\u0027, \u0027https://\u0027) \\\n      \u0026\u0026 URI.parse(target).is_a?(URI::HTTP)\n  rescue URI::InvalidURIError\n    false\n  end\nend\n```\n\n### References\n\n* https://sakurity.com/blog/2015/02/28/openuri.html",
      "gem": "asciidoctor-include-ext",
      "ghsa": "v222-6mr4-qj29",
      "patched_versions": [
        "\u003e= 0.4.0"
      ],
      "related": {
        "url": [
          "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155",
          "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
        ]
      },
      "title": "Command Injection vulnerability in asciidoctor-include-ext",
      "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0.4.0",
          "affected_versions": "All versions before 0.4.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-03-31",
          "description": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.",
          "fixed_versions": [
            "0.4.0"
          ],
          "identifier": "CVE-2022-24803",
          "identifiers": [
            "GHSA-v222-6mr4-qj29",
            "CVE-2022-24803"
          ],
          "not_impacted": "All versions starting from 0.4.0",
          "package_slug": "gem/asciidoctor-include-ext",
          "pubdate": "2022-03-31",
          "solution": "Upgrade to version 0.4.0 or above.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29",
            "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155",
            "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee",
            "https://github.com/advisories/GHSA-v222-6mr4-qj29"
          ],
          "uuid": "7e965f1f-e6bc-4b55-80e7-5459a6534e83"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:asciidoctor-include-ext_project:asciidoctor-include-ext:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24803"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Asciidoctor-include-ext is Asciidoctor\u2019s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee"
            },
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155"
            },
            {
              "name": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-11T20:15Z",
      "publishedDate": "2022-04-01T00:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24803 (GCVE-0-2022-24803)

FKIE_CVE-2022-24803

GHSA-V222-6MR4-QJ29

Impact

Patches

Workarounds

References

Credits

For more information

GSD-2022-24803

Tags

Sightings

Nomenclature