git -- gitweb privilege escalation

2008-12-20T00:00:00
ID ECAD44B9-E663-11DD-AFCD-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2008-12-20T00:00:00

Description

Git maintainers report:

gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query.