Vulnerabilities > Redmine > Redmine GIT Hosting Plugin > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-28 | CVE-2013-4663 | Command Injection vulnerability in Redmine GIT Hosting Plugin git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | 7.5 |