CVE-2023-26143
Published: 19 September 2023
Summary
CVE-2023-26143 is a medium-severity Argument Injection (CWE-88) vulnerability in Blamer Project Blamer. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks at the 19.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-2444
Vulnerability details
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize user input or validate that the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
- CWE(s)
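The missing end-of-options marker described above, as an added JavaScript example that is not the blamer package's code: it contrasts an argv built without `--` against one that validates the path and places it after `--`. The function names, the `--line-porcelain` flag choice and the sample inputs are assumptions made for the illustration.

```javascript
// Added example, not the blamer package's code. All function names are hypothetical.

// Validate a caller-supplied path against a simple schema: repo-relative,
// no NUL bytes, no absolute paths, no ".." segments.
function normalizeRepoPath(userPath) {
  if (typeof userPath !== 'string' || userPath.length === 0) {
    throw new TypeError('path must be a non-empty string');
  }
  if (userPath.includes('\0')) throw new Error('NUL byte in path');
  if (userPath.startsWith('/') || /^[A-Za-z]:[\\/]/.test(userPath)) {
    throw new Error('absolute paths are not accepted');
  }
  const segments = userPath.split(/[\\/]+/).filter((s) => s !== '' && s !== '.');
  if (segments.length === 0 || segments.includes('..')) {
    throw new Error('path must stay inside the repository');
  }
  return segments.join('/');
}

// Weak form: the path is appended with no end-of-options marker.
function weakBlameArgs(userPath) {
  return ['blame', '--line-porcelain', userPath];
}

// Hardened form: validated path, placed after "--" so git reads it as a path only.
function safeBlameArgs(userPath) {
  return ['blame', '--line-porcelain', '--', normalizeRepoPath(userPath)];
}

// Model of option parsing: after the subcommand, any element starting with "-"
// that appears before the first "--" is still treated as an option.
function optionLikeArgs(argv) {
  const end = argv.indexOf('--');
  const scanned = end === -1 ? argv.slice(1) : argv.slice(1, end);
  return scanned.filter((a) => a.length > 1 && a.startsWith('-'));
}

// Constructed inputs: an ordinary path and a value shaped like an option.
for (const p of ['src/index.js', '--not-a-file']) {
  console.log(p, optionLikeArgs(weakBlameArgs(p)), optionLikeArgs(safeBlameArgs(p)));
}
```

Pass the hardened array to `child_process.execFile('git', args)` rather than building a command string, so no shell re-parses the path.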
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.