PT-2013-3546 · Cgit · Cgit

Jason A. Donenfeld · Published 2013-08-09 · Updated 2024-06-15 · CVE-2013-2117

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: cgit versions prior to 0.9.2

Description: A directory traversal issue exists in the cgit_parse_readme function of cgit, allowing remote attackers to read arbitrary files. This occurs when a readme file is set to a filesystem path and the url parameter contains a .. (dot dot) sequence.

Recommendations: For versions prior to 0.9.2, update to version 0.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgit_parse_readme function until a patch is available. Avoid using filesystem paths for readme files in the affected versions.
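
The class of check the description calls for, as an added example that is not cgit's code and not part of the original advisory: a request-supplied path is rejected if any component is exactly ".." before it is joined to the configured readme directory. The names `resolve_readme_path` and `has_dotdot_component`, the directory `/srv/git/repo/docs` and the sample paths are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if any '/'-separated component of path is exactly "..". */
static int has_dotdot_component(const char *path)
{
    const char *p = path;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Hypothetical helper (not cgit's API): join a request-supplied relative
 * path onto the configured readme directory. Returns 0 on success, -1 if
 * the request path is rejected or the result does not fit in out. */
int resolve_readme_path(const char *readme_dir, const char *url_path,
                        char *out, size_t outlen)
{
    int n;
    if (!url_path || !*url_path || url_path[0] == '/')
        return -1;              /* empty or absolute: not a readme-relative name */
    if (has_dotdot_component(url_path))
        return -1;              /* would climb out of readme_dir */
    n = snprintf(out, outlen, "%s/%s", readme_dir, url_path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *tests[] = { "README.md", "sub/notes..txt", "../../etc/passwd", "sub/../../x" };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int rc = resolve_readme_path("/srv/git/repo/docs", tests[i], buf, sizeof buf);
        printf("%-18s -> %s\n", tests[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

This check is purely lexical and does not follow symbolic links; canonicalising the joined path with realpath() and confirming it still starts with the readme directory covers that case.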

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2013-2117
OPENSUSE-SU-2024:10137-1

Affected Products

Cgit