VYPR
Unrated severityNVD Advisory· Published Oct 22, 2012· Updated Jun 16, 2026

CVE-2012-4506

CVE-2012-4506

Description

Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Gitolite/Gitolite6 versions
    cpe:2.3:a:gitolite:gitolite:3.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:gitolite:gitolite:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitolite:gitolite:3.02:*:*:*:*:*:*:*
    • cpe:2.3:a:gitolite:gitolite:3.03:*:*:*:*:*:*:*
    • cpe:2.3:a:gitolite:gitolite:3.04:*:*:*:*:*:*:*
    • cpe:2.3:a:sitaram_chamarty:gitolite:3.01:*:*:*:*:*:*:*
    • (no CPE)range: >=3.0, <3.1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.