cgit -- directory traversal vulnerability

2018-08-03T00:00:00
ID 06C4A79B-981D-11E8-B460-9C5C8E75236A
Type freebsd
Reporter FreeBSD
Modified 2018-08-03T00:00:00

Description

Jann Horn reports:

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.