CVSS: 7.5EPSS: 95%CPEs: 3EXPL: 4CVE-2018-14912 – cgit 1.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2018-14912
03 Aug 2018 — cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. cgit_clone_objects en CGit en versiones anteriores a la 1.2.1 tiene una vulnerabilidad de salto de directorio cuando "enable-http-clone=1" no está apagado, tal y como queda demostrado con una petición cgit/cgit.cgi/git/objects/?path=../. cgit suffers from a directory traversal vulnerability in cgit_clone_objects(). • https://packetstorm.news/files/id/148832 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1899 – Debian Security Advisory 3545-1
https://notcve.org/view.php?id=CVE-2016-1899
20 Jan 2016 — CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. Vulnerabilidad de inyección CRLF en el manejador ui-blob en CGit en versiones anteriores a 0.12 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de separación de respuesta HTTP... • http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1900 – Debian Security Advisory 3545-1
https://notcve.org/view.php?id=CVE-2016-1900
20 Jan 2016 — CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. Vulnerabilidad de inyección CRLF en la función cgit_print_http_headers en ui-shared.c en CGit en versiones anteriores a 0.12 permite a atacantes remotos con permisos para escribir en un repo... • http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2016-1901 – Debian Security Advisory 3545-1
https://notcve.org/view.php?id=CVE-2016-1901
20 Jan 2016 — Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. Desbordamiento de enteros en la función authenticate_post en CGit en versiones anteriores a 0.12 permite a atacantes remotos tener un impacto no especificado a través de un gran valor en la cabecera HTTP Content-Length, lo que desencadena un desbordamiento del buffer. Several vulnerabilities were disco... • http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2013-2117
https://notcve.org/view.php?id=CVE-2013-2117
09 Aug 2013 — Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. Vulnerabilidad de salto de directorio en la función cgit_parse_readme en ui-summary.c en cgit anterior a v0.9.2, cuando un archivo readme se establece en una ruta del sistema de archivos, permite a atacantes remotos leer ficheros a través de .. (punto punto) en el pará... • http://git.zx2c4.com/cgit/commit/?h=wip&id=babf94e04e74123eb658a823213c062663cdadd6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2012-4548
https://notcve.org/view.php?id=CVE-2012-4548
11 Nov 2012 — Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Vulnerabilidad de inyección de argumentos en sintax-highlighting.sh en cgit v9.0.3 y anteriores permite a usuarios remotos autenticados con los permisos para añadir ficheros ejecutar código arbitrario a través del argumento --plug-in del comando resaltado. • http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd •
CVSS: 8.8EPSS: 5%CPEs: 28EXPL: 0CVE-2012-4465
https://notcve.org/view.php?id=CVE-2012-4465
10 Oct 2012 — Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit. Desbordamiento de búfer basado en memoria dinámica en la función substr en parsing.c en cgit v0.9.0.3, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código a través de un nombre vacío en el campo "Author" en... • http://git.zx2c4.com/cgit/commit/?id=7757d1b046ecb67b830151d20715c658867df1ec • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 27EXPL: 0CVE-2011-2711
https://notcve.org/view.php?id=CVE-2011-2711
03 Aug 2011 — Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función print_fileinfo de ui-diff.c de cgit v0.9.0.2 y anteriores, permite a usuarios autenticados en remoto inyectar secuencias de comandos web o HTML de su elección a través del nombre de fichero asocia... • http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 26EXPL: 2CVE-2011-1027
https://notcve.org/view.php?id=CVE-2011-1027
20 Mar 2011 — Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence. Error de superación de límite (off-by-one) en la función convert_query_hexchar en html.c en cgit.cgi en cgit anteriores a v0.8.3.5, permite a atacantes remotos provocar una denegación de servicio (buble infinito) a través d... • http://article.gmane.org/gmane.comp.version-control.git/168493 • CWE-193: Off-by-one Error •