{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-03T01:32:01.381","vulnerabilities":[{"cve":{"id":"CVE-2022-23915","sourceIdentifier":"report@snyk.io","published":"2022-03-04T20:15:07.757","lastModified":"2026-06-17T04:30:57.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution."},{"lang":"es","value":"El paquete weblate desde la versión 0 y anteriores a 4.11.1 son vulnerables a una Ejecución de Código Remota (RCE) por medio de una inyección de argumentos cuando son usados repositorios git o mercurial. Los usuarios autenticados, pueden cambiar el comportamiento de la aplicación de una manera no intencionada, conllevando a una ejecución de comandos"}],"affected":[{"source":"report@snyk.io","affectedData":[{"vendor":"n/a","product":"Weblate","versions":[{"version":"0","lessThan":"unspecified","versionType":"custom","status":"affected"},{"version":"unspecified","lessThan":"4.11.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*","versionEndExcluding":"4.11.1","matchCriteriaId":"C5AA9094-8C38-49F3-B1E3-AA59A60363AF"}]}]}],"references":[{"url":"https://github.com/WeblateOrg/weblate/pull/7337","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/WeblateOrg/weblate/pull/7338","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1","source":"report@snyk.io","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/WeblateOrg/weblate/pull/7337","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/WeblateOrg/weblate/pull/7338","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}