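This page aggregates CVE and security vulnerability intelligence for all gitlist-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include input validation issues, which can lead to risks such as abnormal behavior in production workload and software deployment scenarios.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |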
|---|---|---|---|---|---|---|
| CVE-2018-1000533 | klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322. | [email protected] | 9.8 | 93.14% | 2018-06-26 | 2024-11-21 |
| CVE-2014-5023 | Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command. | [email protected] | 6.8 | 3.78% | 2014-07-22 | 2026-05-06 |
| CVE-2014-4511 | Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | [email protected] | 7.5 | 86.62% | 2014-07-22 | 2026-05-06 |
| CVE-2013-7392 | Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | [email protected] | 7.5 | 8.71% | 2014-07-22 | 2026-05-06 |