medvednikov

/

gitlyx Public
0 commits 27 issues 3 pull requests 32 contributors Discussions Projects CI

[SECURITY] Several command injections #54

There are several command injection vulnerabilities in Gitly:

https://github.com/vlang/gitly/blob/d0e1f3ad2fa3d76306a3de11642f5ff50e9e9ede/src/repo_routes.v#L530-L543

https://github.com/vlang/gitly/blob/d0e1f3ad2fa3d76306a3de11642f5ff50e9e9ede/src/commit_routes.v#L87-L94

https://github.com/vlang/gitly/blob/d0e1f3ad2fa3d76306a3de11642f5ff50e9e9ede/src/repo_service.v#L659

I think there are more possible injection points so it is probably not enough to fix these parts only.

If possible, consider Adding a security policy to your repository in the future.