Cgit Project / Cgit

4 matches found

CVE
added 2018/08/03 7:0 p.m., 124 views

CVE-2018-14912

CVE-2018-14912 affects CGit prior to 1.2.1. The vulnerability is a directory traversal in cgit_clone_objects() that can be triggered when enable-http-clone is not disabled, allowing a remote attacker to retrieve arbitrary files via requests like cgit/cgit.cgi/git/objects/?path=../. Multiple advis...

CVSS 7.5, AI score 7.3, EPSS 0.91123
In wild, Web
CVE
added 2016/01/20 4:0 p.m., 75 views

CVE-2016-1900

CVE-2016-1900 affects CGit prior to 0.12. The vulnerability arises from CRLF/header injection in cgit_print_http_headers (ui-shared.c), enabling a remote attacker with write-access to a repository to inject arbitrary HTTP headers and trigger HTTP response splitting and potential XSS via newline c...

CVSS 4.3, AI score 5.9, EPSS 0.00646
CVE
added 2016/01/20 4:0 p.m., 65 views

CVE-2016-1901

CVE-2016-1901 refers to an Integer Overflow in cgit’s authenticate_post function that can trigger a buffer overflow when a large Content-Length header is processed. Publicly documented fixes target the cgit 0.12 release family: Debian’s DSA-3545.1 notes updates to 0.12.x (and later backports for ...

CVSS 9.8, AI score 9.7, EPSS 0.04365
CVE
added 2016/01/20 4:0 p.m., 62 views

CVE-2016-1899

CVE-2016-1899, -1900, -1901 affect cgit prior to the fixes (0.12.x line). Exploitable via CRLF/header injection, cross-site scripting and an integer/buffer overflow in the mime/filename handling, as detailed by multiple advisories. Debian shows fixed versions: Jessie (0.10.2.git2.0.1-3+deb8u1) an...

CVSS 4.3, AI score 6, EPSS 0.00646