A cross-site scripting (XSS) flaw was found in the web
interface of the Git distributed revision control system.
A remote attacker could use this flaw to execute arbitrary
HTML or scripting code by providing a certain URL
with specially-crafted values of f and fp variables.
Public PoC (from ):
[XSS] => "><body onload="alert('xss')"> <a
Emanuele 'emgent' Gentili
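As an added illustration (not part of the original report and not the project's own code), the sketch below shows why the quoted payload works when a request value is copied into an HTML attribute unescaped, and how encoding it for the attribute and text contexts neutralizes it. The link template and the function names are assumptions; only the f and fp parameter names and the payload come from the report.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlencode

# Payload quoted in the report; f and fp are the parameters it names.
POC = "\"><body onload=\"alert('xss')\"> <a"

def render_vulnerable(f, fp):
    # Hypothetical template: request values are copied into the page unescaped.
    return '<a href="?f=%s&amp;fp=%s">%s</a>' % (f, fp, f)

def render_hardened(f, fp):
    # URL-encode the values for the query string, then HTML-escape for the
    # attribute and text contexts they are written into.
    query = urlencode({"f": f, "fp": fp})
    return '<a href="?%s">%s</a>' % (escape(query, quote=True),
                                     escape(f, quote=True))

class TagAudit(HTMLParser):
    """Record each element and event-handler attribute as an HTML parser tokenizes them."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, name) for name, _ in attrs
                          if name.startswith("on")]

def audit(html_text):
    # Returns (elements seen, event-handler attributes seen) for a rendered fragment.
    parser = TagAudit()
    parser.feed(html_text)
    parser.close()
    return parser.tags, parser.handlers

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, audit(render(POC, "README")))
```

The same audit can be run as a regression test against any template that reflects request parameters: the rendered output should contain only the elements the template itself defines.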
This issue affects the version of the git package, as shipped
with Red Hat Enterprise Linux 6.
This issue affects the versions of the git package, as shipped
with Fedora releases 13 and 14.
This issue affects the versions of the git package, as present
within EPEL-4 and EPEL-5 repositories.
Please schedule an update.
Created git tracking bugs for this issue
Affects: fedora-all [bug 663612]
Announcement of versions that fix this issue:
Fixed in: 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2010:1003 https://rhn.redhat.com/errata/RHSA-2010-1003.html