Impact
As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default.
Patches
This has been resolved in version 4.1.0.
References
For more information
If you have any questions or comments about this advisory email us at security@sourcegraph.com
Impact
As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental
customGitFetchfeature was enabled. This experimental feature has now been disabled by default.Patches
This has been resolved in version 4.1.0.
References
For more information
If you have any questions or comments about this advisory email us at security@sourcegraph.com