漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Remote code execution via git push option injection in GitHub Enterprise Server
Vulnerability Description
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
GitHub Enterprise Server 安全漏洞
Vulnerability Description
GitHub Enterprise Server是美国GitHub开源的一个应用软件。提供一个将自己的GitHub实例设置为虚拟设备,从而提供可扩展,易于管理的平台。 GitHub Enterprise Server 3.14.24版本、3.15.19版本、3.16.15版本、3.17.12版本、3.18.6版本和3.19.3版本存在安全漏洞,该漏洞源于对推送选项值中和不当,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A