CVE-2010-0394

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.

PyGIT.py en el plugin Trac Git (trac-git) anteriores a v0.0.20080710-3+lenny1 y anteriores a v0.0.20090320-1 en Debian GNU/Linux, cuando esta activado Trac, permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de la shell en una petición HTTP manipulada que es utilizada para generar cierto comando git.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-27 CVE Reserved
2010-02-04 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567039	X_refsource_confirm
http://osvdb.org/62147	Vdb Entry
http://www.securityfocus.com/bid/38076	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/56105	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/38325	2017-08-17
http://www.debian.org/security/2010/dsa-1990	2017-08-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nanosleep Search vendor "Nanosleep"	Trac-git Search vendor "Nanosleep" for product "Trac-git"	<= 0.0.20080710 Search vendor "Nanosleep" for product "Trac-git" and version " <= 0.0.20080710"	-	Affected	in	Edgewall Software Search vendor "Edgewall Software"	Trac Search vendor "Edgewall Software" for product "Trac"	*	-	Safe
Nanosleep Search vendor "Nanosleep"	Trac-git Search vendor "Nanosleep" for product "Trac-git"	<= 0.0.20080710 Search vendor "Nanosleep" for product "Trac-git" and version " <= 0.0.20080710"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	*	-	Safe
Nanosleep Search vendor "Nanosleep"	Trac-git Search vendor "Nanosleep" for product "Trac-git"	<= 0.0.20090320 Search vendor "Nanosleep" for product "Trac-git" and version " <= 0.0.20090320"	-	Affected	in	Edgewall Software Search vendor "Edgewall Software"	Trac Search vendor "Edgewall Software" for product "Trac"	*	-	Safe
Nanosleep Search vendor "Nanosleep"	Trac-git Search vendor "Nanosleep" for product "Trac-git"	<= 0.0.20090320 Search vendor "Nanosleep" for product "Trac-git" and version " <= 0.0.20090320"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	*	-	Safe