Novell Home

CVE-2012-4548

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-4548 at MITRE

Description

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 787074

SUSE Security Advisories:

© 2014 Novell