Product
lars hjemli cgit
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2018-14912
CVE-2016-1901
CVE-2016-1900
CVE-2016-1899
CVE-2013-2117
CVE-2012-4548
CVE-2012-4465
CVE-2011-2711
CVE-2011-1027
< 1.2.1
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when
enable-http-clone=1 is not turned off, as d<= 0.11.2
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a la
<= 0.11.2
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers wi
<= 0.11.2
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers a
all versions
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is se
<= 0.9.0.3
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permis
<= 0.9.0.3
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to ca
<= 0.9.0.2
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote aut
<= 0.8.3.4
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cau