← back
CVE-2008-5916

CVE-2008-5916

EPSS 0.5%
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=git&m=122975564100860&w=2http://marc.info/?l=linux-kernel&m=122975564100863&w=2:http://osvdb.org/50918http://secunia.com/advisories/33282http://secunia.com/advisories/33964http://secunia.com/advisories/34194http://securityreason.com/securityalert/4922https://exchange.xforce.ibmcloud.com/vulnerabilities/47528https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200903-15.xmlhttp://www.openwall.com/lists/oss-security/2009/01/15/2