Debian Ruby-Git vulnerabilities

3 known vulnerabilities affecting debian/ruby-git.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2022-46648 | HIGH | CVSS 8.0 | fixed in ruby-git 1.13.1-1 (bookworm) | 2022
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318.
Scope: local
bookworm: resolved (fixed in 1.13.1-1)
bullseye: resolved (fixed in 1.7.0-1+deb11u1)
forky: resolve

CVE-2022-47318 | HIGH | CVSS 8.0 | fixed in ruby-git 1.13.1-1 (bookworm) | 2022
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648.
Scope: local
bookworm: resolved (fixed in 1.13.1-1)
bullseye: resolved (fixed in 1.7.0-1+deb11u1)
forky: resolve

CVE-2022-25648 | HIGH | CVSS 8.1 | fixed in ruby-git 1.13.1-1 (bookworm) | 2022
The package git before 1.11.0 is vulnerable to command injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Scope: local
bookworm: resolved (fixed in 1