CVSS: 7.5EPSS: 96%CPEs: 3EXPL: 2CVE-2018-14912 – cgit 1.2.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2018-14912
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. cgit_clone_objects en CGit en versiones anteriores a la 1.2.1 tiene una vulnerabilidad de salto de directorio cuando "enable-http-clone=1" no está apagado, tal y como queda demostrado con una petición cgit/cgit.cgi/git/objects/?path=../. cgit suffers from a directory traversal vulnerability in cgit_clone_objects(). • https://www.exploit-db.com/exploits/45195 https://bugs.chromium.org/p/project-zero/issues/detail?id=1627 https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html https://www.debian.org/security/2018/dsa-4263 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1899
https://notcve.org/view.php?id=CVE-2016-1899
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. Vulnerabilidad de inyección CRLF en el manejador ui-blob en CGit en versiones anteriores a 0.12 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de separación de respuesta HTTP o ataques XSS a través de secuencias CRLF en el parámetro mimetype, según lo demostrado por una petición ablob/cgit.c. • http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html http:// •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1900
https://notcve.org/view.php?id=CVE-2016-1900
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. Vulnerabilidad de inyección CRLF en la función cgit_print_http_headers en ui-shared.c en CGit en versiones anteriores a 0.12 permite a atacantes remotos con permisos para escribir en un repositorio inyectar cabeceras HTTP arbitrarias y realizar ataques de separación de respuesta HTTP o ataques XSS a través de caracteres de nueva línea en un nombre de archivo. • http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html http:// •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2016-1901
https://notcve.org/view.php?id=CVE-2016-1901
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. Desbordamiento de enteros en la función authenticate_post en CGit en versiones anteriores a 0.12 permite a atacantes remotos tener un impacto no especificado a través de un gran valor en la cabecera HTTP Content-Length, lo que desencadena un desbordamiento del buffer. • http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html http://www.debian.org/security/2016/dsa-3545 http://www.openwall.com&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2013-2117
https://notcve.org/view.php?id=CVE-2013-2117
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. Vulnerabilidad de salto de directorio en la función cgit_parse_readme en ui-summary.c en cgit anterior a v0.9.2, cuando un archivo readme se establece en una ruta del sistema de archivos, permite a atacantes remotos leer ficheros a través de .. (punto punto) en el parámetro URL. • http://git.zx2c4.com/cgit/commit/?h=wip&id=babf94e04e74123eb658a823213c062663cdadd6 http://lists.opensuse.org/opensuse-updates/2013-07/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00012.html http://lists.zx2c4.com/pipermail/cgit/2013-May/001394.html http://secunia.com/advisories/54186 http://www.openwall.com/lists/oss-security/2013/05/27/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •