CVE-2022-41943

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41943

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41943.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41943

Withdrawn

2024-08-20T01:44:42.736177Z

Published

2022-11-22T19:15:18Z

Modified

2024-05-14T12:21:19.880927Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.

References

Affected packages

Git / github.com/sourcegraph/sourcegraph

Affected ranges

Type: GIT
Repo: https://github.com/sourcegraph/sourcegraph
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1373d0b95fb59c1481b01932c32eafcac00ad5aa

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v3.*

v3.0.0

v3.0.0-alpha.1

v3.0.0-alpha.10

v3.0.0-alpha.11

v3.0.0-alpha.12

v3.0.0-alpha.2

v3.0.0-alpha.3

v3.0.0-alpha.4

v3.0.0-alpha.5

v3.0.0-alpha.6

v3.0.0-alpha.7

v3.0.0-alpha.8

v3.0.0-alpha.9

v3.0.0-beta

v3.0.0-beta.2

v3.0.0-beta.4

v3.0.0-rc.1

v3.0.1-rc.1

v3.0.2

v3.1.0-rc.1

v3.10.0-rc.1

v3.11.0-rc.2

v3.13.0-rc.1

v3.14.0-rc.1

v3.15.0-rc.1

v3.16.0-rc.1

v3.17.0-rc.1

v3.20.0-rc.1

v3.21.0-rc.1

v3.22.0-rc.1

v3.23.0-rc.1

v3.24.0-rc.1

v3.25.0

v3.26.0

v3.26.0-rc.1

v3.27.0-rc.1

v3.27.0-rc.2

v3.27.0-rc.3

v3.27.0-rc.4

v3.28.0

v3.28.0-rc.1

v3.29.0

v3.29.0-rc.1

v3.3.0-rc.1

v3.30.0-rc.1

v3.31.0

v3.31.0-rc.1

v3.32.0-rc.1

v3.34.0-rc.1

v3.35.0

v3.35.0-rc.1

v3.36.0-rc.1

v3.37.0-rc.1

v3.38.0-rc.1

v3.38.0-rc.2

v3.38.0-rc.3

v3.38.0-rc.4

v3.39.0-rc.1

v3.4.0-rc.1

v3.40.0-rc.1

v3.41.0-rc.1

v3.42.0-rc.1

v3.43.0-rc.1

v3.5.0-rc.1

v3.6.0-rc.1

v3.7.0-rc.1

v3.8.0-rc.1

v3.8.0-rc.2

v3.9.0-rc.1

v3.9.0-rc.2

v4.*

v4.0.0-rc.1

v4.1.0-rc.1

v4.1.0-rc.2

v4.1.0-rc.3