github.com/sourcegraph/sourcegraph is vulnerable to remote code execution. The vulnerability exists because calls to git config are not properly restricted, allowing an attacker to make HTTP requests to internal services and perform malicious operations remotely.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/sourcegraph/sourcegraph | le | v3.36.3 |
packetstormsecurity.com/files/167506/Sourcegraph-Gitserver-3.36.3-Remote-Code-Execution.html
packetstormsecurity.com/files/167741/Sourcegraph-gitserver-sshCommand-Remote-Command-Execution.html
github.com/sourcegraph/sourcegraph/commit/c00d7c04d7da30a3ad052f53713f723e9d4e7cb3
github.com/sourcegraph/sourcegraph/pull/30833
github.com/sourcegraph/sourcegraph/security/advisories/GHSA-qcmp-fx72-q8q9