|    |    |    | Today: 26-May-2019 |

Git cvsserver Remote Command Execution

September 28, 2017 | Posted in ExploitAlert

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.


Source: Git cvsserver Remote Command Execution

Taged in: Exploit