CVE-2018-14912

Опубликовано: 03 авг. 2018

Источник: debian

Описание

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cgit	fixed	1.1+git2.10.2-3.1		package

Примечания

https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680

Связанные уязвимости

CVE-2018-14912

CVSS3: 7.5

ubuntu

больше 7 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

CVE-2018-14912

CVSS3: 7.5

nvd

больше 7 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

openSUSE-SU-2018:2313-1

suse-cvrf

больше 7 лет назад

Security update for cgit

openSUSE-SU-2018:2308-1

suse-cvrf

больше 7 лет назад

Security update for cgit

GHSA-46c3-xc8j-9qg7

CVSS3: 7.5

github

больше 3 лет назад

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.