6 matches found
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the host parameter on the /list-gitolite endpoint. An attacker can inject commands by sending local requests to the vulnerable endpoint. Remediation: Upgrade...
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
Command injection
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
PT-2022-26172 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0. Description: The issue is a command injection vulnerability in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host paramete...
CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
Sourcegraph operating system command injection vulnerability
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An operating system command injection vulnerability exists in Sourcegraph versions prior to 4.1.0, which stems from a command injection vulnerability due to a lack of input validation of the /list-gitolite...