Publish GHSA-h2g5-2rhx-ffgj

advisory-database[bot] · advisory-database[bot] · commit 900466e4fd79 · 2026-01-23T22:31:07.000Z
diff --git a/advisories/github-reviewed/2022/03/GHSA-h2g5-2rhx-ffgj/GHSA-h2g5-2rhx-ffgj.json b/advisories/github-reviewed/2022/03/GHSA-h2g5-2rhx-ffgj/GHSA-h2g5-2rhx-ffgj.json
@@ -1,13 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h2g5-2rhx-ffgj",
-  "modified": "2022-03-14T23:12:25Z",
+  "modified": "2026-01-23T22:29:40Z",
   "published": "2022-03-05T00:00:44Z",
+  "withdrawn": "2026-01-23T22:29:40Z",
   "aliases": [
     "CVE-2022-24727"
   ],
-  "summary": "Command injection in Weblate",
-  "details": "Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.",
+  "summary": "Duplicate Advisory: Command injection in Weblate",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-3872-f48p-pxqj. This link is maintained to preserve external references.\n\n## Original Description\nWeblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.",
   "severity": [],
   "affected": [
     {
