CVE-2012-4548

Published: Nov 11, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=870713

x_refsource_MISC

51167

third-party-advisory

x_refsource_SECUNIA

56315

vdb-entry

x_refsource_BID

http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd

x_refsource_CONFIRM

openSUSE-SU-2012:1461

vendor-advisory

x_refsource_SUSE

50734

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2012:1421

vendor-advisory

x_refsource_SUSE

[oss-security] 20121027 CVE Request: cgit command injection

mailing-list

x_refsource_MLIST

[oss-security] 20121028 Re: CVE Request: cgit command injection

mailing-list

x_refsource_MLIST

cgit-syntaxhighlighting-command-exec(79665)

vdb-entry

x_refsource_XF

51222

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2012:1460

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2012:1422

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-4548

Description

Affected Products

References