45 matches found
CVE-2018-19585
CVE-2018-19585 covers CRLF Injection in GitLab CE/EE Project Mirroring when using the Git protocol. Affected: GitLab versions 8.18–11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The root cause is CRLF injection in mirroring requests; public material references exploitation o...
CVE-2018-19585
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol...
CVE-2018-19585
Removed by vendor...
GitLab: CRLF injection & SSRF in git:// protocol lead to arbitrary code execution
Summary: The implementation of git:// protocol in GitLab is vulnerable to CRLF injection and Server-Side Request Forgery. If the Redis server is configured to listen on a TCP socket, e.g. port 6379, an attacker can abuse SSRF to manipulate the Redis server, injecting malicious payload into systemhookpush...
Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)
Using plain git protocol git://domain is insecure, as the server is not verified. A MITM attacker can return different content if the last commit is not checked against a known one. More information about this issue: Protocols to choose from when cloning: https://gist.github.com/grawity/4392747...