ViewVC before 1.0.5 includes “all-forbidden” files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 10 | all | viewvc | < 1.0.5-0.1 | viewvc_1.0.5-0.1_all.deb |