V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2008-5517
DEB
HighConfirmedExploit available

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related…

CVSS
7.5
High
EPSS
0.12
p95
Published
2008-01-01
Updated
2008-01-01
Description

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

Tags · CWE
CWE-94
CAPEC-35
CAPEC-77
CAPEC-242
Affected products
Git
CVSS vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.119 · p95
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-35 · CWE-94
└ via CAPEC-35 · CWE-94
└ via CAPEC-35 · CWE-94
Known exploits — Сканер-ВС
11497
exploitdb · https://www.exploit-db.com/exploits/11497
Enterprise
Affected products
ProductVendorStatus
git-coreTracked
git-coreTracked
git*Tracked
Source databases
DEB
CVE
UBU
Related vulnerabilities