cvebase

Cgit Project Cgit vulnerabilities

4 known vulnerabilities affecting cgit_project/cgit.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, LOW 2

Vulnerabilities

CVE-2018-14912 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in 1.2.1 | 2018-08-03
CVE-2018-14912 [HIGH] CWE-22: cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Sources: NVD, OSV
CVE-2016-1901 | P3 | CRITICAL | CVSS 9.8 | ≤ 0.11.2 | 2016-01-20
CVE-2016-1901 [CRITICAL] CWE-119: Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
Sources: NVD, OSV
CVE-2016-1900 | P4 | LOW | CVSS 3.7 | ≤ 0.11.2 | 2016-01-20
CVE-2016-1900 [LOW]: CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
Sources: NVD, OSV
CVE-2016-1899 | P4 | LOW | CVSS 3.7 | ≤ 0.11.2 | 2016-01-20
CVE-2016-1899 [LOW]: CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
Sources: NVD, OSV