DSA-1708 git-core -- shell command injectionID: oval:org.mitre.oval:def:7699 | Date: (C)2009-12-15 (M)2023-02-20 |
Class: PATCH | Family: unix |
It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality (CVE-2008-5916). Local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server (CVE-2008-5516, CVE-2008-5517).