Description
An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.
References (1)
Core References
Issue Tracking, Mitigation
https://bugzilla.suse.com/show_bug.cgi?id=1205296
Scores
CVSS v3
5.9
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
Status
published
Products (3)
rancher/wrangler
0 - 0.7.4-security1 (Go)
suse/wrangler
1.0.0
suse/wrangler
< 0.7.4
Published
Feb 07, 2023
Tracked Since
Feb 18, 2026