Main Vulnerability Database SB2012111706

SB2012111706 - Fedora EPEL 6 update for cgit

Published: November 17, 2012 Updated: April 24, 2025

Security Bulletin ID SB2012111706

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-4548)

The vulnerability allows a remote #AU# to read and manipulate data.

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. Per http://cwe.mitre.org/data/definitions/88.html'CWE-88: Argument Injection or Modification'

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2012-13495