Unrated severityNVD Advisory· Published Aug 14, 2020· Updated Sep 16, 2024
GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function
CVE-2020-9708
Description
The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Adobe/Helixv5Range: unspecified
Patches
Vulnerability mechanics
References
1- github.com/adobe/git-server/security/advisories/GHSA-cgj4-x2hh-2x93mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.