4.6
CVE-2008-5916
- EPSS 0.46%
- Veröffentlicht 21.01.2009 02:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/33964
http://www.ubuntu.com/usn/USN-723-1
http://secunia.com/advisories/34194
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://securityreason.com/securityalert/4922
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47528
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html