Cross-Site Request Forgery (CSRF)

2021-09-0313:11:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

72.0%

JSON

git is vulnerable to cross-site request forgery. The vulnerability exists due to a lack of sanitization of repository path to contain a newline character.

CPENameOperatorVersion
git:sideq1:2.29.2-1
git:bullseyeeq1:2.29.2-1
git:sideq1:2.29.2-1
git:bullseyeeq1:2.29.2-1
git:bioniceq1:2.17.1-1ubuntu0.7
git:bioniceq1:2.17.0-1ubuntu1
git:focaleq1:2.25.1-1ubuntu3
git:3.12eq2.26.2-r0
git:3.12eq2.26.3-r0

Name	Operator	Version
git:sid	eq	1:2.29.2-1
git:bullseye	eq	1:2.29.2-1
git:sid	eq	1:2.29.2-1
git:bullseye	eq	1:2.29.2-1
git:bionic	eq	1:2.17.1-1ubuntu0.7
git:bionic	eq	1:2.17.0-1ubuntu1
git:focal	eq	1:2.25.1-1ubuntu3
git:3.12	eq	2.26.2-r0
git:3.12	eq	2.26.3-r0