PT-2009-1075 · Git · Git

Published: 2009-01-21 · Updated: 2017-08-08 · CVE-2008-5916

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Git versions 1.6.x before 1.6.0.6
Git versions 1.5.6.x before 1.5.6.6
Git versions 1.5.5.x before 1.5.5.6
Git versions 1.5.4.x before 1.5.4.7
Git versions after 1.4.3
Description

The issue allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.
Recommendations

For Git versions 1.6.x before 1.6.0.6, update to version 1.6.0.6 or later.
For Git versions 1.5.6.x before 1.5.6.6, update to version 1.5.6.6 or later.
For Git versions 1.5.5.x before 1.5.5.6, update to version 1.5.5.6 or later.
For Git versions 1.5.4.x before 1.5.4.7, update to version 1.5.4.7 or later.
For Git versions after 1.4.3, update to a version that is not affected by this issue.

As a temporary workaround, consider restricting access to the diff.external configuration variable to minimize the risk of exploitation.
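The workaround above depends on knowing which of the repositories a gitweb instance serves actually carry a diff.external setting. The following audit script is an added example, not part of the advisory, Git, or gitweb: it parses each repository's config file directly (so it runs without git installed), reports any repository whose [diff] section sets external, and returns non-zero when at least one hit is found so it can run from cron or a CI gate. The repository root /srv/git and the layout of one bare repository (or one .git directory) per top-level folder are assumptions.

```shell
#!/bin/sh
# Added example: audit repositories served by gitweb for a configured diff.external.
# Assumed layout: <root>/<repo>.git/config or <root>/<repo>/.git/config.

# Print the value of diff.external from one git config file, or nothing if unset.
# Tracks the current [section] header so that "external" is only matched
# inside [diff]; a subsection such as [diff "driver"] is deliberately skipped.
diff_external_value() {
  # $1: path to a git config file
  awk '
    /^[[:space:]]*\[/ {
      sec = $0
      gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", sec)
      sec = tolower(sec)
      next
    }
    sec == "diff" && /^[[:space:]]*external[[:space:]]*=/ {
      sub(/^[[:space:]]*external[[:space:]]*=[[:space:]]*/, "")
      print
      exit
    }
  ' "$1"
}

# Walk every repository under $1 and report those with diff.external set.
# Returns 1 when at least one repository is flagged, 0 when all are clean.
audit_diff_external() {
  # $1: root directory containing the repositories (assumed: /srv/git)
  found=0
  for cfg in "$1"/*/config "$1"/*/.git/config; do
    [ -f "$cfg" ] || continue
    val=$(diff_external_value "$cfg")
    if [ -n "$val" ]; then
      repo=${cfg%/config}
      repo=${repo%/.git}
      printf '%s: diff.external = %s\n' "$repo" "$val"
      found=1
    fi
  done
  return $found
}

# Example invocation (assumed path):
#   audit_diff_external /srv/git || echo "repositories with diff.external found"
```

The parser is intentionally limited to the exact key the advisory names; it is a detection aid for the interim period before the listed Git versions are deployed, not a substitute for upgrading.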

Weakness Enumeration

Related Identifiers

BDU:2015-09370
CVE-2008-5916
DSA-1708-1

Affected Products

Git