git -- gitweb privilege escalation

ID ECAD44B9-E663-11DD-AFCD-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2008-12-20T00:00:00


Git maintainers report:

gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query.