Date: 2019-11-07
CVE: CVE-2010-2447
Vulnerability title: Improper Input Validation vulnerability in Gitolite
Description: gitolite before 1.4.1 does not filter src/ or hooks/ from path names.
Risk: critical, 9.8 (network, low complexity)
Product and CWE: gitolite, CWE-20

Date: 2018-09-21
CVE: CVE-2013-4451
Vulnerability title: Permissions, Privileges, and Access Controls vulnerability in Gitolite
Description: gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.
Risk: critical, 9.8 (network, low complexity)
Product and CWE: gitolite, CWE-264