| Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling 'git config'. This allows an attacker to set the option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. |
