gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
History
21 Nov 2024, 00:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=git&m=122975564100860&w=2 - | |
References | () http://marc.info/?l=linux-kernel&m=122975564100863&w=2: - | |
References | () http://osvdb.org/50918 - | |
References | () http://secunia.com/advisories/33282 - | |
References | () http://secunia.com/advisories/33964 - | |
References | () http://secunia.com/advisories/34194 - | |
References | () http://securityreason.com/securityalert/4922 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml - | |
References | () http://www.openwall.com/lists/oss-security/2009/01/15/2 - | |
References | () http://www.openwall.com/lists/oss-security/2009/01/20/2 - | |
References | () http://www.ubuntu.com/usn/USN-723-1 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/47528 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html - | |
Information
Published : 2009-01-21 02:30
Updated : 2024-11-21 00:55
NVD link : CVE-2008-5916
Mitre link : CVE-2008-5916
CVE.ORG link : CVE-2008-5916
Products Affected
git
- git
CWE
CWE-264
Permissions, Privileges, and Access Controls