Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:LSourcegraph
APPSourcegraph< 4.1.0
Related vulnerabilities
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on ...
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is p...
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...