exploitDog

GHSA-53jj-rpcg-6cc6

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 3.7

Описание

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

Ссылки

EPSS

Процентиль: 70%

0.00646

Низкий

3.7 Low

CVSS3

CVE ID

Связанные уязвимости

CVE-2016-1899

CVSS3: 3.7

ubuntu

около 10 лет назад

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

CVE-2016-1899

CVSS3: 3.7

nvd

около 10 лет назад

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

CVE-2016-1899

CVSS3: 3.7

debian

около 10 лет назад

CRLF injection vulnerability in the ui-blob handler in CGit before 0.1 ...

openSUSE-SU-2016:0196-1

suse-cvrf

около 10 лет назад

Security update for cgit

EPSS

Процентиль: 70%

0.00646

Низкий

3.7 Low

CVSS3

CVE ID