Lucene search
K

4 matches found

Snyk
Snyk
added 2022/11/23 12:1 p.m.4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the host parameter on the /list-gitolite endpoint. An attacker can inject commands by sending local requests to the vulnerable endpoint. Remediation Upgrade...

8CVSS7.3AI score0.01516EPSS
Exploits0References2
NVD
NVD
added 2022/11/22 7:15 p.m.43 views

CVE-2022-41942

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

7.9CVSS0.01516EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.6 views

PT-2022-26172 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0 Description: The issue is a command injection vulnerability in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host paramete...

7.9CVSS7.7AI score0.01516EPSS
Exploits0References6
OSV
OSV
added 2022/11/22 12:0 a.m.31 views

CVE-2022-41942 Sourcegraph vulnerable to Comand Injection via gitserver

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

7.9CVSS7.6AI score0.01516EPSS
Exploits0References4
Rows per page
Query Builder