Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for cgit by cgit_project
FKIE_CVE-2018-14912
Vulnerability from fkie_nvd - Published: 2018-08-03 19:29 - Updated: 2024-11-21 03:50
Severity ?
Summary
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cgit_project | cgit | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C9DDFD-4294-46E7-9EDB-45865B1E0BED",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
},
{
"lang": "es",
"value": "cgit_clone_objects en CGit en versiones anteriores a la 1.2.1 tiene una vulnerabilidad de salto de directorio cuando \"enable-http-clone=1\" no est\u00e1 apagado, tal y como queda demostrado con una petici\u00f3n cgit/cgit.cgi/git/objects/?path=../."
}
],
"id": "CVE-2018-14912",
"lastModified": "2024-11-21T03:50:04.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-03T19:29:00.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45195/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-1901
Vulnerability from fkie_nvd - Published: 2016-01-20 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 22 | |
| cgit_project | cgit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8",
"versionEndIncluding": "0.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en la funci\u00f3n authenticate_post en CGit en versiones anteriores a 0.12 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un gran valor en la cabecera HTTP Content-Length, lo que desencadena un desbordamiento del buffer."
}
],
"id": "CVE-2016-1901",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-20T16:59:05.880",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-1900
Vulnerability from fkie_nvd - Published: 2016-01-20 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 22 | |
| cgit_project | cgit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8",
"versionEndIncluding": "0.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en la funci\u00f3n cgit_print_http_headers en ui-shared.c en CGit en versiones anteriores a 0.12 permite a atacantes remotos con permisos para escribir en un repositorio inyectar cabeceras HTTP arbitrarias y realizar ataques de separaci\u00f3n de respuesta HTTP o ataques XSS a trav\u00e9s de caracteres de nueva l\u00ednea en un nombre de archivo."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/93.html\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e",
"id": "CVE-2016-1900",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-20T16:59:04.910",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-1899
Vulnerability from fkie_nvd - Published: 2016-01-20 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 22 | |
| cgit_project | cgit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3ADACB-C9F2-4EFB-8B07-AADA98BE5FA8",
"versionEndIncluding": "0.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en el manejador ui-blob en CGit en versiones anteriores a 0.12 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de separaci\u00f3n de respuesta HTTP o ataques XSS a trav\u00e9s de secuencias CRLF en el par\u00e1metro mimetype, seg\u00fan lo demostrado por una petici\u00f3n ablob/cgit.c."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/93.html\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e",
"id": "CVE-2016-1899",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-20T16:59:03.880",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-14912 (GCVE-0-2018-14912)
Vulnerability from cvelistv5 – Published: 2018-08-03 19:00 – Updated: 2024-08-05 09:46
VLAI?
Summary
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"name": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html",
"refsource": "MISC",
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14912",
"datePublished": "2018-08-03T19:00:00.000Z",
"dateReserved": "2018-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:46:25.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1901 (GCVE-0-2016-1901)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1901",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1899 (GCVE-0-2016-1899)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1899",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1900 (GCVE-0-2016-1900)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1900",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:39.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14912 (GCVE-0-2018-14912)
Vulnerability from nvd – Published: 2018-08-03 19:00 – Updated: 2024-08-05 09:46
VLAI?
Summary
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"name": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html",
"refsource": "MISC",
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14912",
"datePublished": "2018-08-03T19:00:00.000Z",
"dateReserved": "2018-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:46:25.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1901 (GCVE-0-2016-1901)
Vulnerability from nvd – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1901",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1899 (GCVE-0-2016-1899)
Vulnerability from nvd – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1899",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1900 (GCVE-0-2016-1900)
Vulnerability from nvd – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI?
Summary
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1900",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:39.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}