Design/Logic Flaw

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a craft...

Design/Logic Flaw

The web interface in git gitweb 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to gitsearch...