Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlist gitlist - |