git gitweb Remote System User Deterministic Unauthorized Access

Credit: rPath
Risk: High
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

rPath Security Advisory: 2009-0005-1 Published: 2009-01-13 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: rPath Issue Tracking System: References: Description: In previous versions of the git package, insufficient quoting of shell characters allowed remote attackers to execute arbitrary commands via the git web interface. This has been resolved. Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top