cgit Project cgit 0.11.2

CPE Details

cgit Project cgit 0.11.2
cgit_project
cgit
0.11.2
2016-01-21
23h43 +00:00
2016-01-21
23h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cgit_project:cgit:0.11.2:*:*:*:*:*:*:*

Informations

Vendor

cgit_project

Product

cgit

Version

0.11.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-14912 2018-08-03 17h00 +00:00 cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
7.5
High
CVE-2016-1899 2016-01-20 15h00 +00:00 CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
3.7
Low
CVE-2016-1900 2016-01-20 15h00 +00:00 CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
3.7
Low
CVE-2016-1901 2016-01-20 15h00 +00:00 Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.