Cgit Security Vulnerabilities

CVE-2016-1899

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit....

CVSS: 3.7 | AI Score: 6 | EPSS: 0.004

2016-01-20 04:59 PM
39

CVE-2016-1900

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline cha...

CVSS: 3.7 | AI Score: 5.9 | EPSS: 0.004

2016-01-20 04:59 PM
52

CVE-2016-1901

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.029

2016-01-20 04:59 PM
46

CVE-2018-14912

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.963

2018-08-03 07:29 PM
90