Aymanbagabas

**Name of the Vulnerable Software and Affected Versions** Soft Serve versions prior to 0.8.2 **Description** Soft Serve is a self-hostable Git server for the command line. A path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user can modify, delete, and access repositories arbitrarily as if they were an admin user without explicitly giving them permissions. **Recommendations** For versions prior to 0.8.2, upgrade to version 0.8.2 to patch the vulnerability. As a temporary workaround for multi-user set-ups, consider disabling repository creation for users until the upgrade is applied. Single user set-ups are not affected and do not require any action.