—
PYSEC-2022-162
Details
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / weblate
Introduced in:
0 Fixed in: 35d59f1f040541c358cece0a8d4a63183ca919b8 Fix
pip install --upgrade 'weblate>=35d59f1f040541c358cece0a8d4a63183ca919b8' References
- https://github.com/WeblateOrg/weblate/commit/35d59f1f040541c358cece0a8d4a63183ca919b8 [FIX]
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3872-f48p-pxqj [ADVISORY]
- https://github.com/WeblateOrg/weblate/commit/d83672a3e7415da1490334e2c9431e5da1966842 [FIX]
- https://github.com/advisories/GHSA-h2g5-2rhx-ffgj [ADVISORY]