[3.8] myrepos: missing URL sanitization (CVE-2018-7032)
webcheckout in myrepos through 1.20171231 does not sanitize URLs that
are passed to git clone, allowing a malicious website operator or a
MitM attacker to take advantage of it for arbitrary code execution, as
demonstrated by an “ext::sh -c” attack or an option injection attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7032
Patch:
(from redmine: issue id 9200, created on 2018-08-07, closed on 2018-08-23)
- Relations:
  - copied_to #9199 (closed)
  - parent #9199 (closed)
- Changesets:
  - Revision b690195c by Fabian Affolter on 2018-08-22T09:47:43Z:
    main/myrepos: upgrade to 1.20180726
    fixes #9200
    (cherry picked from commit 593b926a0233cbb19a47882bd2c22346cb7a5530)
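
The kind of check whose absence the description above reports, as an added example (not part of this issue and not the upstream myrepos fix): a URL taken from an untrusted page is validated before it reaches git clone, covering both the transport-helper form and the option-injection form. The names validate_clone_url, git_clone_command and ALLOWED_SCHEMES, the allowlist policy and the sample URLs are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Assumed policy: transports a checkout helper is willing to hand to git.
ALLOWED_SCHEMES = ("git", "http", "https", "ssh")


def validate_clone_url(url):
    """Return url unchanged if it may be passed to git clone, else raise ValueError."""
    if not url or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("empty URL, or URL with whitespace/control characters")
    if url.startswith("-"):
        raise ValueError("URL would be parsed by git as a command-line option")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        # Rejects remote-helper syntax such as "ext::..." (scheme parses as "ext").
        raise ValueError("transport %r is not on the allowlist" % parts.scheme)
    if not url.startswith(parts.scheme + "://") or not parts.hostname:
        raise ValueError("URL is not of the form scheme://host/...")
    if parts.hostname.startswith("-"):
        raise ValueError("host name could be read as an option by a helper program")
    return url


def git_clone_command(url, dest):
    """Build (argv, env) suitable for subprocess.run; nothing is executed here."""
    validate_clone_url(url)
    if not dest or dest.startswith("-"):
        raise ValueError("destination would be parsed as an option")
    # "--" ends option parsing; GIT_ALLOW_PROTOCOL is a second layer inside git.
    env = dict(os.environ, GIT_ALLOW_PROTOCOL=":".join(ALLOWED_SCHEMES))
    return ["git", "clone", "--", url, dest], env


if __name__ == "__main__":
    # Constructed sample inputs, as they might be scraped from a web page.
    samples = [
        "https://example.org/project.git",
        "ext::sh -c true",
        "--example-option=value",
        "https://-example/project.git",
    ]
    for candidate in samples:
        try:
            argv, _ = git_clone_command(candidate, "project")
            print("accept:", argv)
        except ValueError as err:
            print("reject: %r (%s)" % (candidate, err))
```
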