CVE-2012-4548

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the –plug-in argument to the highlight command.

Date published : 2012-11-11

http://www.securityfocus.com/bid/56315

http://git.zx2c4.com/cgit/commit/?id=7ea35f9f8ecf61ab42be9947aae1176ab6e089bd