CVSS: 9.8EPSS: 13%CPEs: 51EXPL: 1CVE-2008-5517 – gitWeb 1.5.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-5517
13 Jan 2009 — The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. La interfaz web en git (gitweb) versiones 1.5.x anteriores a 1.5.6, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell relacionados a (1) git_snapshot y (2) git_object. • https://www.exploit-db.com/exploits/11497 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2008-3546
https://notcve.org/view.php?id=CVE-2008-3546
07 Aug 2008 — Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. Desbordamiento de búfer basado en pila de las funciones (1) diff_addremove y (2) diff_change en GIT versiones anteriores a la 1.5.6.4, podría permitir a usuarios locales ejecutar código arbitrariamente a través de un PATH de longitud mayo... • http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 13EXPL: 0CVE-2006-0477
https://notcve.org/view.php?id=CVE-2006-0477
31 Jan 2006 — Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. • http://lwn.net/Articles/169623 •