CVE-2010-0394
trac-git < 0.0.20080710 - Remote Code Execution via Shell Metacharacters in HTTP Query
Title source: llmDescription
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.
References (6)
Core 6
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567039
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38325
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38076
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-1990
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56105
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/62147
Scores
EPSS
0.0337
EPSS Percentile
87.4%
Details
CWE
CWE-20
Status
published
Products (1)
nanosleep/trac-git
< 0.0.20080710
Published
Feb 10, 2010
Tracked Since
Feb 18, 2026