DSA-2215-1 gitolite -- directory traversal
ID: oval:org.secpod.oval:def:600228 | Date: (C)2011-04-19 (M)2022-10-10 | Class: PATCH | Family: unix
Dylan Simon discovered that gitolite, an SSH-based gatekeeper for git repositories, is prone to directory traversal attacks when restricting admin-defined commands (ADC). This allows an attacker to execute arbitrary commands with the privileges of the gitolite server via crafted command names. Please note that this only affects installations that have ADC enabled. The oldstable distribution is not affected by this problem, as it does not include gitolite.