- Description
- PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nanosleep:trac-git:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A33306AD-18B9-444C-B38B-C3CE8A8DDD72",
"versionEndIncluding": "0.0.20080710"
},
{
"criteria": "cpe:2.3:a:nanosleep:trac-git:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B37F646D-7A1D-4068-BD9A-B2DDE2F2F6F1",
"versionEndIncluding": "0.0.20090320"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F3F8AADF-D6AA-44E8-9F8C-7270355D434B"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]