Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by cgit_project
CVE-2018-14912 (GCVE-0-2018-14912)
Vulnerability from cvelistv5 – Published: 2018-08-03 19:00 – Updated: 2024-08-05 09:46
VLAI
KEVintel KEV
Summary
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://www.exploit-db.com/exploits/45195/ | exploitx_refsource_EXPLOIT-DB |
| https://www.debian.org/security/2018/dsa-4263 | vendor-advisoryx_refsource_DEBIAN |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
| https://lists.zx2c4.com/pipermail/cgit/2018-Augus… | x_refsource_MISC |
Date Public
2018-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1459-1] cgit security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html"
},
{
"name": "45195",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45195/"
},
{
"name": "DSA-4263",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4263"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1627"
},
{
"name": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html",
"refsource": "MISC",
"url": "https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14912",
"datePublished": "2018-08-03T19:00:00.000Z",
"dateReserved": "2018-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:46:25.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1901 (GCVE-0-2016-1901)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI
Summary
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/14/3 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.zx2c4.com/pipermail/cgit/2016-Januar… | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://git.zx2c4.com/cgit/commit/?id=4458abf64172… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/01/14/6 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2016/dsa-3545 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1901",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1900 (GCVE-0-2016-1900)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI
Summary
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/14/3 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.zx2c4.com/pipermail/cgit/2016-Januar… | mailing-listx_refsource_MLIST |
| http://lists.zx2c4.com/pipermail/cgit/2016-Januar… | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://git.zx2c4.com/cgit/commit/?id=513b3863d999… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/01/14/6 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2016/dsa-3545 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:39.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1900",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:39.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1899 (GCVE-0-2016-1899)
Vulnerability from cvelistv5 – Published: 2016-01-20 16:00 – Updated: 2024-08-05 23:10
VLAI
Summary
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/14/3 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.zx2c4.com/pipermail/cgit/2016-Januar… | mailing-listx_refsource_MLIST |
| http://lists.zx2c4.com/pipermail/cgit/2016-Januar… | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://git.zx2c4.com/cgit/commit/?id=1c581a072651… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/01/14/6 | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2016/dsa-3545 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160114 CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/3"
},
{
"name": "openSUSE-SU-2016:0218",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00084.html"
},
{
"name": "[CGit] 20160114 [ANNOUNCE] CGIT v0.12 Released",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002817.html"
},
{
"name": "[CGit] 20160113 XSS in cgit",
"refsource": "MLIST",
"url": "http://lists.zx2c4.com/pipermail/cgit/2016-January/002790.html"
},
{
"name": "FEDORA-2016-e5a5fb196f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176198.html"
},
{
"name": "openSUSE-SU-2016:0196",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00067.html"
},
{
"name": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96",
"refsource": "CONFIRM",
"url": "http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96"
},
{
"name": "[oss-security] 20160114 Re: CVE Request: CGit - Multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/6"
},
{
"name": "DSA-3545",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3545"
},
{
"name": "FEDORA-2016-215b507409",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176167.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-1899",
"datePublished": "2016-01-20T16:00:00.000Z",
"dateReserved": "2016-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:10:40.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}