6

CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lars HjemliCgit Version <= 0.9.0.3
Lars HjemliCgit Version0.1
Lars HjemliCgit Version0.2
Lars HjemliCgit Version0.3
Lars HjemliCgit Version0.4
Lars HjemliCgit Version0.5
Lars HjemliCgit Version0.6
Lars HjemliCgit Version0.6.1
Lars HjemliCgit Version0.6.2
Lars HjemliCgit Version0.6.3
Lars HjemliCgit Version0.7
Lars HjemliCgit Version0.7.1
Lars HjemliCgit Version0.7.2
Lars HjemliCgit Version0.8
Lars HjemliCgit Version0.8.1
Lars HjemliCgit Version0.8.1.1
Lars HjemliCgit Version0.8.2
Lars HjemliCgit Version0.8.2.1
Lars HjemliCgit Version0.8.2.2
Lars HjemliCgit Version0.8.3
Lars HjemliCgit Version0.8.3.1
Lars HjemliCgit Version0.8.3.2
Lars HjemliCgit Version0.8.3.3
Lars HjemliCgit Version0.8.3.4
Lars HjemliCgit Version0.8.3.5
Lars HjemliCgit Version0.9
Lars HjemliCgit Version0.9.0.1
Lars HjemliCgit Version0.9.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.75% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/50734
Vendor Advisory
http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html
http://secunia.com/advisories/51167
Vendor Advisory
http://secunia.com/advisories/51222
http://www.openwall.com/lists/oss-security/2012/10/28/1
http://www.openwall.com/lists/oss-security/2012/10/28/2
http://www.securityfocus.com/bid/56315
https://bugzilla.redhat.com/show_bug.cgi?id=870713
https://exchange.xforce.ibmcloud.com/vulnerabilities/79665