Your submission was sent successfully! Close

CVE-2008-5517

Published: 13 January 2009

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

Priority

Medium

Status

Package Release Status
git-core
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(no gitweb)
gutsy
Released (1:1.5.2.5-2ubuntu0.1)
hardy
Released (1:1.5.4.3-1ubuntu2.1)
intrepid Not vulnerable
(1:1.5.6.3-1.1ubuntu2)
upstream
Released (1.6.0.6)