Skip to main content

Cgit

7 CVEs product

Monthly

CVE-2018-14912 HIGH POC THREAT This Week

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cgit Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
93.2%
CVE-2016-1901 CRITICAL POC PATCH Act Now

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fedora Cgit
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-1900 LOW PATCH Monitor

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

XSS Fedora Cgit
NVD
CVSS 3.0
3.7
EPSS
0.6%
CVE-2016-1899 LOW PATCH Monitor

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

XSS Fedora Cgit
NVD
CVSS 3.0
3.7
EPSS
0.6%
CVE-2013-2117 MEDIUM This Month

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Cgit
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4548 MEDIUM This Month

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Cgit
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2012-4465 MEDIUM This Month

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cgit
NVD
CVSS 2.0
6.5
EPSS
3.5%
EPSS 93% CVSS 7.5
HIGH POC THREAT This Week

cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cgit Debian Linux
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fedora Cgit
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

XSS Fedora Cgit
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

XSS Fedora Cgit
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Cgit
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Cgit
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy