GitList blame resource command injection

Added: 07/14/2014
CVE: CVE-2014-4511
BID: 68253
OSVDB: 108504

Background

GitList is a web-based git repository viewer.

Problem

A vulnerability in GitList allows remote attackers to execute arbitrary commands by sending a specially crafted request for the blame resource.

Resolution

Upgrade to GitList 0.5.0 or higher.

References

http://hatriot.github.io/blog/2014/06/29/gitlist-rce/

Limitations

The URL path to a gitlist repository must be known.

Platforms

Linux

Back to exploit index