Description
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by drone · pythonremotemultiple
https://www.exploit-db.com/exploits/33929
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://hatriot.github.io/blog/2014/06/29/gitlist-rce/
Scores
EPSS
0.0378
EPSS Percentile
88.1%
Details
Status
published
Products (1)
gitlist/gitlist
Published
Jul 22, 2014
Tracked Since
Feb 18, 2026