webcheckout in myrepos up to and including 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM malicious user to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
myrepos project myrepos |