CVE-2024-47516

Publication date 26 March 2025

Last updated 4 February 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

Status

Package Ubuntu Release Status
pagure 25.10 questing
Not affected
25.04 plucky Ignored end of life, was needs-triage
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Fixed 5.11.3+dfsg-2.1ubuntu0.2
22.04 LTS jammy
Fixed 5.11.3+dfsg-1ubuntu0.1
20.04 LTS focal
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
pagure

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-7984-1
    • Pagure vulnerabilities
    • 29 January 2026

Other references

Access our resources on patching vulnerabilities