sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:LSourcegraph
APPSourcegraph< 4.1.0
Related vulnerabilities
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability exis...
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is p...
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...