SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Sourcegraph Gitserver Remote Code Execution

Category: WEB-ATTACKS      

Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling 'git config'. This allows an attacker to set the option, which sets git to use the specified command instead of ssh when they need to connect to a remote system.


Relevant Information