Re: Gitview Shell Injection Vulnerability

2016-12-27 Thread Jeff King
On Tue, Dec 27, 2016 at 10:45:58AM -0800, Stefan Beller wrote:

> > I expect that things that start their life in the contrib/ area
> > to graduate out of contrib/ once they mature, either by becoming
> > projects on their own, or moving to the toplevel directory. On
> > the other hand, I expect I

Re: Gitview Shell Injection Vulnerability

2016-12-27 Thread Stefan Beller
+cc the author of gitview

On Tue, Dec 27, 2016 at 12:29 AM, Javantea wrote:

> I have found a shell injection vulnerability in contrib/gitview/gitview.
>
> Gitview Shell Injection Vulnerability
>
> Versions affected: 8cb711c8a5-1d1bdafd64 (<=2.11.0)
>
> Gitview execu

Gitview Shell Injection Vulnerability

2016-12-27 Thread Javantea
I have found a shell injection vulnerability in contrib/gitview/gitview.

Gitview Shell Injection Vulnerability

Versions affected: 8cb711c8a5-1d1bdafd64 (<=2.11.0)

Gitview executes shell commands using string concatenation with user supplied data, filenames and branch names. Running Gitview