Vulnerability Information
Vulnerability Title
Sourcegraph vulnerable to Command Injection via gitserver
Vulnerability Description
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0, a command injection vulnerability existed in the gitserver service, which is present in all Sourcegraph deployments. The vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
Improper Input Validation
Vulnerability Title
Sourcegraph OS Command Injection Vulnerability
Vulnerability Description
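Sourcegraph is an open-source code search and navigation tool from Sourcegraph, a US company. Versions of Sourcegraph prior to 4.1.0 contain an OS command injection vulnerability, caused by a lack of input validation on the host parameter of the /list-gitolite endpoint.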
CVSS Information
N/A
Vulnerability Type
N/A