CVE-2011-1572

gitolite < 1.5.9 - Remote Command Execution via Admin Defined Commands Path Traversal

Description

Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.

References (8)

Core References
Patch mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q2/209
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2215
Patch mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q2/197
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46473
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65542

Scores

EPSS 0.0292
EPSS Percentile 85.3%

Details

CWE
CWE-22
Status published
Products (26)
gitolite/gitolite 0.50
gitolite/gitolite 0.55
gitolite/gitolite 0.60
gitolite/gitolite 0.65
gitolite/gitolite 0.70
gitolite/gitolite 0.80
gitolite/gitolite 0.85
gitolite/gitolite 0.90
gitolite/gitolite 0.95
gitolite/gitolite 1.0 (2 CPE variants)
... and 16 more
Published Oct 04, 2011
Tracked Since Feb 18, 2026