Cgit

CVEs (3)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1901	Cri	0.64	9.8	0.04	Jan 20, 2016	Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
CVE-2016-1900	Low	0.24	3.7	0.01	Jan 20, 2016	CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
CVE-2016-1899	Low	0.24	3.7	0.01	Jan 20, 2016	CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

CVE-2016-1901CriJan 20, 2016
risk 0.64cvss 9.8epss 0.04
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
CVE-2016-1900LowJan 20, 2016
risk 0.24cvss 3.7epss 0.01
CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.
CVE-2016-1899LowJan 20, 2016
risk 0.24cvss 3.7epss 0.01
CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.