CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
lars_hjemlicgit
𝑥
≤ 0.9.0.3
lars_hjemlicgit
0.1
lars_hjemlicgit
0.2
lars_hjemlicgit
0.3
lars_hjemlicgit
0.4
lars_hjemlicgit
0.5
lars_hjemlicgit
0.6
lars_hjemlicgit
0.6.1
lars_hjemlicgit
0.6.2
lars_hjemlicgit
0.6.3
lars_hjemlicgit
0.7
lars_hjemlicgit
0.7.1
lars_hjemlicgit
0.7.2
lars_hjemlicgit
0.8
lars_hjemlicgit
0.8.1
lars_hjemlicgit
0.8.1.1
lars_hjemlicgit
0.8.2
lars_hjemlicgit
0.8.2.1
lars_hjemlicgit
0.8.2.2
lars_hjemlicgit
0.8.3
lars_hjemlicgit
0.8.3.1
lars_hjemlicgit
0.8.3.2
lars_hjemlicgit
0.8.3.3
lars_hjemlicgit
0.8.3.4
lars_hjemlicgit
0.8.3.5
lars_hjemlicgit
0.9
lars_hjemlicgit
0.9.0.1
lars_hjemlicgit
0.9.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cgit
bullseye
1.2.3+git2.25.1-1
fixed
bookworm
1.2.3+git20221219.50.91f2590+git2.39.1-1
fixed
sid
1.2.3+git20240802.70.09d24d7+git2.46.0-1
fixed
trixie
1.2.3+git20240802.70.09d24d7+git2.46.0-1
fixed
References
http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html
http://secunia.com/advisories/50734
http://secunia.com/advisories/51167
http://secunia.com/advisories/51222
http://www.openwall.com/lists/oss-security/2012/10/28/1
http://www.openwall.com/lists/oss-security/2012/10/28/2
http://www.securityfocus.com/bid/56315
https://bugzilla.redhat.com/show_bug.cgi?id=870713
https://exchange.xforce.ibmcloud.com/vulnerabilities/79665
http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00004.html
http://secunia.com/advisories/50734
http://secunia.com/advisories/51167
http://secunia.com/advisories/51222
http://www.openwall.com/lists/oss-security/2012/10/28/1
http://www.openwall.com/lists/oss-security/2012/10/28/2
http://www.securityfocus.com/bid/56315
https://bugzilla.redhat.com/show_bug.cgi?id=870713
https://exchange.xforce.ibmcloud.com/vulnerabilities/79665