CVE-2022-39224— Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-39224
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Source: NVD (National Vulnerability Database)
Vulnerability Description
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the `extract` and `files` methods of the `RPM::File` class of this library. Version 0.0.12 patches these issues. A workaround for this issue is to ensure any RPMs being processed contain valid/known payload compressor values such as gzip, bzip2, xz, zstd, and lzma. The payload compressor field in an rpm can be checked by using the rpm command line tool.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ruby-arr-pm 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ruby-arr-pm是Jordan Sissel个人开发者的一个用 Ruby 编写的 RPM 读取/写入库。旨在为 fpm 提供一种读写 RPM 的方法。 ruby-arr-pm 0.0.11版本及之前版本存在安全漏洞。攻击者利用该漏洞执行Shell脚本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| jordansissel | ruby-arr-pm | < 0.0.12 | - |
II. Public POCs for CVE-2022-39224
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-39224
请登录查看更多情报信息。
- https://github.com/jordansissel/ruby-arr-pm/pull/15x_refsource_MISC
- https://github.com/jordansissel/ruby-arr-pm/pull/14x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-39224
IV. Related Vulnerabilities
Same weakness: CWE-78
- CVE-2026-8273
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command inje - CVE-2026-8272
D-Link DNS-320 webfile_mgr.cgi chown os command injection - CVE-2026-8271
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command inje - CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti
V. Comments for CVE-2022-39224
No comments yet