CVE-2008-5516 — OS Command Injection in GIT

CWE-78 — OS Command Injection CWE-2648 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-scm GIT GIT

Timeline

PublishedJan 20

Latest updateMay 13

Description

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgit/git98 versions+97

▶NVDgit-scm/git0.6.0, 0.7.0+1

🔴Vulnerability Details

GHSA

GHSA-932q-24j4-3r46: The web interface in git (gitweb) 1↗2022-05-13

▶

CVEList

CVE-2008-5516: The web interface in git (gitweb) 1↗2009-01-20

▶

💥Exploits & PoCs

Exploit-DB

gitWeb 1.5.2 - Remote Command Execution↗2010-02-18

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2009-02-18

▶

Red Hat

git: gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)↗

▶

Red Hat

git: gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)↗

▶

💬Community

Bugzilla

git: gitweb multiple remote command injections (CVE-2008-5516 CVE-2008-5517)↗2009-01-12

▶