CVE-2016-1899

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

References

Affected packages

Git / git.zx2c4.com/cgit

Affected ranges

Type: GIT
Repo: http://git.zx2c4.com/cgit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Git / git.zx2c4.com/cgit

Affected ranges

Type: GIT
Repo: https://git.zx2c4.com/cgit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1c581a072651524f3b0d91f33e22a42c4166dd96

Affected versions

v0.*

v0.1

v0.10

v0.10.1

v0.10.2

v0.11.0

v0.11.1

v0.11.2

v0.2

v0.3

v0.4

v0.5

v0.6

v0.6.1

v0.6.2

v0.6.3

v0.7

v0.7.1

v0.7.2

v0.8

v0.8.1

v0.8.1.1

v0.8.2

v0.8.2.1

v0.8.2.2

v0.8.3

v0.8.3.1

v0.8.3.2

v0.8.3.3

v0.8.3.4

v0.8.3.5

v0.9

v0.9.0.1

v0.9.0.2

v0.9.0.3

v0.9.1

v0.9.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://git.zx2c4.com/cgit@1c581a072651524f3b0d91f33e22a42c4166dd96",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2016-1899-08c54de6",
        "digest": {
            "line_hashes": [
                "307136254456730163765368824654572399851",
                "123347878746130227057849418693629089715",
                "90482116329366804469546560834053768068",
                "255221238176748584818366218199878161804"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "ui-blob.c"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://git.zx2c4.com/cgit@1c581a072651524f3b0d91f33e22a42c4166dd96",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2016-1899-3bece554",
        "digest": {
            "line_hashes": [
                "101173779907320941802641747240143240464",
                "41346293805211059047168338396877277820",
                "137865317403542991455470481061731374896",
                "118258220666647047474249693392782549808"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "cgit.h"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://git.zx2c4.com/cgit@1c581a072651524f3b0d91f33e22a42c4166dd96",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2016-1899-7e9b8f7f",
        "digest": {
            "length": 1421.0,
            "function_hash": "182798090272673880455268656542035352129"
        },
        "target": {
            "file": "ui-blob.c",
            "function": "cgit_print_blob"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://git.zx2c4.com/cgit@1c581a072651524f3b0d91f33e22a42c4166dd96",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2016-1899-ecab8aab",
        "digest": {
            "line_hashes": [
                "191341538751499768014761671572845968420",
                "181071091347816295063874276152688780859",
                "79918251570343766929195608532555849915",
                "75253324951123922116191460458354673606",
                "136380348269258387393454349888230731941"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "cgit.c"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://git.zx2c4.com/cgit@1c581a072651524f3b0d91f33e22a42c4166dd96",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2016-1899-edbf696f",
        "digest": {
            "length": 2190.0,
            "function_hash": "36367758278550469187337439793545489988"
        },
        "target": {
            "file": "cgit.c",
            "function": "querystring_cb"
        }
    }
]