Ansgar Burchardt discovered that the Git plugin for FusionForge, a
web-based project-management and collaboration software, does not
sufficiently validate user provided input as parameter to the method to
create secondary Git repositories. A remote attacker can use this flaw
to execute arbitrary code as root via a specially crafted URL.
For the stable distribution (jessie), this problem has been fixed in
version 5.3.2+20141104-3+deb8u1.
For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your fusionforge packages.
CPE | Name | Operator | Version |
---|---|---|---|
fusionforge | eq | 5.3.2+20141104-3 |