| Name | CVE-2018-14912 |
| Description | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1459-1, DSA-4263-1 |
| Debian Bugs | 905382 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| cgit (PTS) | jessie, jessie (lts) | 0.10.2.git2.0.1-3+deb8u2 | fixed |
| stretch (security), stretch (lts), stretch | 1.1+git2.10.2-3+deb9u1 | fixed |
| buster | 1.2.1+git2.18.0-1 | fixed |
| bullseye | 1.2.3+git2.25.1-1 | fixed |
| bookworm | 1.2.3+git20221219.50.91f2590+git2.39.1-1 | fixed |
| sid, trixie | 1.2.3+git20240802.70.09d24d7+git2.46.0-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| cgit | source | jessie | 0.10.2.git2.0.1-3+deb8u2 | | DLA-1459-1 | |
| cgit | source | stretch | 1.1+git2.10.2-3+deb9u1 | | DSA-4263-1 | |
| cgit | source | (unstable) | 1.1+git2.10.2-3.1 | | | 905382 |
Notes
https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680