38 matches found
EUVD-2022-45054
Malicious code in bioql PyPI...
EUVD-2022-45053
Malicious code in bioql PyPI...
CVE-2022-41943
Sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
CVE-2022-23642
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...
Arbitrary Code Execution
github.com/sourcegraph/sourcegraph is vulnerable to arbitrary code execution. The vulnerability exists in the buildCustomFetchMappings function in customfetch.go, due to an experimental feature which, if enabled on the gitserver, allows an attacker to inject and execute arbitrary commands...
Command injection
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
Design/Logic Flaw
Sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...
CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
PT-2022-26172 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0 Description: The issue is a command injection vulnerability in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host paramete...
PT-2022-26173 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0 Description: The issue allows a site admin to execute arbitrary commands on Gitserver when the experimental customGitFetch feature is enabled. This feature has been disabled by default. Recommendations: For...
CVE-2022-41942
CVE-2022-41942 affects Sourcegraph’s gitserver component. A command injection existed in the /list-gitolite endpoint due to lack of input validation on the host parameter, exploitable only if an attacker can send local requests to gitserver. Affected versions are those prior to 4.1.0; the issue i...
CVE-2022-41943 Incorrect default permissions found in Sourcegraph
Sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...
Sourcegraph security vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. A security vulnerability exists in Sourcegraph versions prior to 4.1.0, which can be exploited to execute arbitrary commands on the Gitserver when a site administrator enables the experimental "customGitFetch"...
Sourcegraph gitserver sshCommand RCE
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...