{"id":"CVE-2022-28927","details":"A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.","modified":"2026-04-11T23:14:47.389640Z","published":"2022-05-19T16:15:07.963Z","references":[{"type":"FIX","url":"https://gist.github.com/CwithW/01a726e5af709655d6ee0b2067cdae03"},{"type":"FIX","url":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tindy2013/subconverter","events":[{"introduced":"0"},{"last_affected":"7703d551bd873cbc0e15fd2d7fb175528dbe012e"},{"fixed":"ce8d2bd0f13f05fcbd2ed90755d097f402393dd3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.7.2"}]}}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.1.0","v0.1.1","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.3.0","v0.3.1","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.7.0","v0.7.1","v0.7.2"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","digest":{"length":845,"function_hash":"259509781383575194076030127458393994113"},"deprecated":false,"target":{"file":"src/generator/config/nodemanip.cpp","function":"nodeRename"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-097fbad1"},{"signature_version":"v1","signature_type":"Function","digest":{"length":936,"function_hash":"120144558944376038716666326901165210208"},"deprecated":false,"target":{"file":"src/generator/config/nodemanip.cpp","function":"addEmoji"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-0eb00b63"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["338545122428861871429691488915455247789","200772283940007641301736675419329515907","249193650644317766291367232510792875927","48249621468777245612224269696919157974"],"threshold":0.9},"deprecated":false,"target":{"file":"src/generator/config/subexport.cpp"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-10b21ea2"},{"signature_version":"v1","signature_type":"Function","digest":{"length":16025,"function_hash":"68445709000031332524011621302530271769"},"deprecated":false,"target":{"file":"src/handler/interfaces.cpp","function":"subconverter"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-1bedc58b"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["38184234143551854430953235571966865589","199019713418822282068383034268708811964","187664432621830627626336405977651025775","303898551453791528540437062282712833696"],"threshold":0.9},"deprecated":false,"target":{"file":"src/handler/settings.h"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-39ffba9e"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["272180236190803384077581039876713184995","337525974262718244791059008275309178776","45693590855883608092513206710637743349","138404948008004436906753056840612479824"],"threshold":0.9},"deprecated":false,"target":{"file":"src/generator/config/subexport.h"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-4c0fa7be"},{"signature_version":"v1","signature_type":"Function","digest":{"length":986,"function_hash":"196558245184345599413304203553150903103"},"deprecated":false,"target":{"file":"src/generator/config/subexport.cpp","function":"groupGenerate"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-72e6b3fb"},{"signature_version":"v1","signature_type":"Function","digest":{"length":3780,"function_hash":"201075664167984993253001476031114919860"},"deprecated":false,"target":{"file":"src/generator/config/nodemanip.cpp","function":"addNodes"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-7cfdb7e4"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["256475900586497594565061200923420273085","26200362067498421376176561240662694476","83143073932275058233030526177704135909","173642351841019992801130714198601139242","285777057819666270287578096977855690283","239916305284554054789959660754805152324","173369305118071446425651090795419746348","305659003616553021762209333941254069705","224222081096339282781586640931451557366","280341859001341640227704303258695095376","59529319329304376427733611362831693475","289047087160005059016085052957547184886","91661193397978673972009858218208210814","61652276915242085458917827129796725188","240255950819135606143263445250573960626","168318540835906262512058200028935972432","261091070461111865743352351135573726308","222867480584463794881085523954523409170","245043193386902901152416675710301878249","322735503505077120104598266362995837922","315719641304638773107718365958028047871","246869364792251145136331387766175112039","245447614304576090768702617397043367721","214613345714229069361719409735488692835","26684248191480770023402528090273506687","133895057545911509730475983254651304081","240301710178886251064453377495200047213","27472109781921241935817684250938609000"],"threshold":0.9},"deprecated":false,"target":{"file":"src/handler/settings.cpp"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-8e0ded74"},{"signature_version":"v1","signature_type":"Function","digest":{"length":9533,"function_hash":"115805550838069525950021802464296960690"},"deprecated":false,"target":{"file":"src/handler/settings.cpp","function":"readConf"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-8ecff4c4"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["241063006537864921060524776673725920480","72919050273123263322294299880673941040","215461335715119335376797676120201414733"],"threshold":0.9},"deprecated":false,"target":{"file":"src/handler/interfaces.cpp"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-99b9f2ff"},{"signature_version":"v1","signature_type":"Function","digest":{"length":9329,"function_hash":"141244377687438143516988183872240920351"},"deprecated":false,"target":{"file":"src/handler/settings.cpp","function":"readYAMLConf"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-ab5c75c1"},{"signature_version":"v1","signature_type":"Function","digest":{"length":1299,"function_hash":"76210728789571129635431835786818392631"},"deprecated":false,"target":{"file":"src/generator/config/nodemanip.cpp","function":"preprocessNodes"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-c82802fb"},{"signature_version":"v1","signature_type":"Function","digest":{"length":6503,"function_hash":"316647142611184594576434641409571207874"},"deprecated":false,"target":{"file":"src/handler/settings.cpp","function":"readTOMLConf"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-c86a1953"},{"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["198906372156697715820319630576678806894","91021285207433122594555164950929376883","95363140249836527866197925287371529777","75257081543197597182808301106978088799","302458432708978033424252702468119433642","9650651562072460958422195750698730853","68739858142534844118586448345633972687","27203750936494394576703454954854971149","197554509633727142283748512439271266776","35403679111830034404974572256916419987","15248752157228626773720563960312279268","232005498609078662816508164927764927881","70145136640763619976803526149952070492","72761003550693856262929892268275576240","181126925487699852816993882951080568815","189170211905543349673688295163332543524"],"threshold":0.9},"deprecated":false,"target":{"file":"src/generator/config/nodemanip.cpp"},"source":"https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3","id":"CVE-2022-28927-d60de665"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28927.json","vanir_signatures_modified":"2026-04-11T23:14:47Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}