← Back to CVE List

CVE-2022-41942

Published: 2022-11-22T19:15Z
Last Modified: 2024-11-21T07:24Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt