DEBIAN-CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

Directory traversal

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVE-2018-14912

cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

CVE-2018-14912

CVE-2018-14912 affects CGit prior to 1.2.1. The vulnerability is a directory traversal in cgit_clone_objects() that can be triggered when enable-http-clone is not disabled, allowing a remote attacker to retrieve arbitrary files via requests like cgit/cgit.cgi/git/objects/?path=../. Multiple advis...

[ASA-201808-2] cgit: directory traversal

Arch Linux Security Advisory ASA-201808-2 ========================================= Severity: High Date : 2018-08-03 CVE-ID : CVE-2018-14912 Package : cgit Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-745 Summary ======= The package cgit before version 1.2.1-1...

Debian: Security Advisory (DSA-4263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

cgit -- directory traversal vulnerability

Jann Horn reports: cgitcloneobjects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request...

cgit 1.2.1 - cgit_clone_objects() Directory Traversal

cgit 1.2.1 - cgitcloneobjects Directory Traversal There is a directory traversal vulnerability in cgitcloneobjects, reachable when the configuration flag enable-http-clone is set to 1 default: void cgitcloneobjectsvoid if !ctx.qry.path cgitprinterrorpage400, "Bad request", "Bad request"; return; ...

cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal

There is a directory traversal vulnerability in cgitcloneobjects, reachable when the configuration flag enable-http-clone is set to 1 default: void cgitcloneobjectsvoid if !ctx.qry.path cgitprinterrorpage400, "Bad request", "Bad request"; return; if !strcmpctx.qry.path, "info/packs" printpackinfo...

Debian DSA-3545-1 : cgit - security update

Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[SECURITY] [DSA 3545-1] cgit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3545-1] cgit security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3545-1 (cgit - security update)

Several vulnerabilities were discovered in cgit, a fast web frontend for git repositories written in C. A remote attacker can take advantage of these flaws to perform cross-site scripting, header injection or denial of service attacks. OpenVAS Vulnerability Test $Id: deb3545.nasl 6608 2017-07-07...

DSA-3545-1 cgit - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3545-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated git packages fix security vulnerability

There is a buffer overflow vulnerability possibly leading to remote code execution in git. It can happen while pushing or cloning a repository with a large filename or a large number of nested trees CVE-2016-2315, CVE-2016-2324. The git package has been updated to version 2.7.4, which fixes this...

openSUSE Security Update : cgit (openSUSE-2016-367)

This update for cgit fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code CVE-2016-2315, CVE-2016-2324, bsc971328. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...