CRITICAL🇵🇱 Wersja polska

CVE-2024-47516

CVSS 9.8v3.1pub. 2025-03-26upd. 2026-04-15

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

🤖 AI Analysis
How it works

The vulnerability (CWE-88 — argument injection) occurs when fetching repository history using Git. An attacker can inject malicious arguments into a Git command call, which are then interpreted by the system as additional options or flags. This leads to unintended code execution on the Pagure instance without requiring privileges or user interaction.

Impact

An attacker can gain full control over the server — confidentiality, integrity and availability of data are at risk (CVSS rating C:H/I:H/A:H). Pagure instance takeover is possible, as well as reading or modifying repositories and user data.

Mitigation & patch

Patches available from the vendor should be applied according to the references — detailed information about patched versions is available at https://bugzilla.redhat.com/show_bug.cgi?id=2315805 and https://access.redhat.com/security/cve/CVE-2024-47516.

Who is affected

Pagure application — versions indicated in the vendor's references (Red Hat Bugzilla #2315805).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References