{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5916", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "git-gitweb-privilege-escalation(47528)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47528" }, { "name": "[oss-security] 20090120 Re: CVE request -- git", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/01/20/2" }, { "name": "50918", "refsource": "OSVDB", "url": "http://osvdb.org/50918" }, { "name": "33282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33282" }, { "name": "GLSA-200903-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml" }, { "name": "34194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34194" }, { "name": "33964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33964" }, { "name": "[oss-security] 20090115 CVE request -- git", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/01/15/2" }, { "name": "[linux-kernel] 20081220 [Security] gitweb local privilege escalation (fix)", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=122975564100863&w=2:" }, { "name": "FEDORA-2008-11650", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html" }, { "name": "FEDORA-2008-11653", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html" }, { "name": "4922", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4922" }, { "name": "[git] 20081220 [Security] gitweb local privilege escalation (fix)", "refsource": "MLIST", "url": "http://marc.info/?l=git&m=122975564100860&w=2" }, { "name": "USN-723-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-723-1" } ] } }