Lucene search
+L
Lars HjemliCgit

5 matches found

CVE
CVE
added 2013/08/09 6:0 p.m.61 views

CVE-2013-2117

Directory traversal in cgit_parse_readme (ui-summary.c) of cgit before 0.9.2 allows remote attackers to read arbitrary files via a .. in the url parameter. Affected: cgit up to version

4.3CVSS6.4AI score0.01765EPSS
CVE
CVE
added 2011/03/20 1:0 a.m.58 views

CVE-2011-1027

CVE-2011-1027 : Off-by-one in the convert_query_hexchar function of html.c in cgit.cgi (cgit) before 0.8.3.5 can cause a denial of service (infinite loop) when processing a % followed by invalid hex characters (e.g., %gg). Connected advisories confirm the affected component and offer remediation ...

5CVSS6.3AI score0.03746EPSS
CVE
CVE
added 2011/08/03 12:0 a.m.58 views

CVE-2011-2711

CVE-2011-2711 affects cgit ≤0.9.0.2: XSS in print_fileinfo (ui-diff.c) allows remote authenticated users to inject script/HTML via the filename in a rename hint. Documented across multiple sources (SUSE/Fedora updates) indicating patches exist in cgit upgrades (e.g., OpenSUSE/SU-2011:0891-1, Fedo...

3.5CVSS5.2AI score0.01882EPSS
CVE
CVE
added 2012/10/10 6:0 p.m.56 views

CVE-2012-4465

CVE-2012-4465 affects cgit up to version 0.9.0.3, where a heap-based buffer overflow in substr in parsing.c can be triggered by an empty Author field in a commit. This allows remote authenticated users to cause a crash and potentially execute arbitrary code. The vulnerability has been addressed i...

6.5CVSS7.7AI score0.03383EPSS
CVE
CVE
added 2012/11/11 11:0 a.m.51 views

CVE-2012-4548

CVE-2012-4548 affects cgit up to version 9.0.3, via an argument injection in syntax-highlighting.sh that allows remote authenticated users with file-adding permissions to execute arbitrary commands through the --plug-in argument to the highlight command. Root cause: improper handling of plugin ar...

6CVSS7.3AI score0.02752EPSS