github.com/sourcegraph/sourcegraph is vulnerable to remote code execution. A privileged attacker who is able to edit or add a Gitolite
code host and has administrative access to Sourcegraph’s
bundled Grafana
instance has the ability to change these command arbitrarily and run it remotely.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/sourcegraph/sourcegraph | le | v3.37.0 | |
github.com/sourcegraph/sourcegraph | le | v3.37.0 |