CVE-2016-1900
Published: Jan 20, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Tag |
|---|---|---|
| [oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities | mailing-list | x_refsource_MLIST |
| openSUSE-SU-2016:0218 | vendor-advisory | x_refsource_SUSE |
| [CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released | mailing-list | x_refsource_MLIST |
| [CGit] 20160113 XSS in cgit | mailing-list | x_refsource_MLIST |
| FEDORA-2016-e5a5fb196f | vendor-advisory | x_refsource_FEDORA |
| openSUSE-SU-2016:0196 | vendor-advisory | x_refsource_SUSE |
| [oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities | mailing-list | x_refsource_MLIST |
| DSA-3545 | vendor-advisory | x_refsource_DEBIAN |
| FEDORA-2016-215b507409 | vendor-advisory | x_refsource_FEDORA |