CNNVD-202508-3200 Information

CNNVD ID

CNNVD-202508-3200

Related CVE

CVE-2025-50977

• CNNVD Published: 2025-08-27

Description (Chinese)

Gitblit是Gitblit的一个开源的纯 Java Git 解决方案，用于管理、查看和提供Git存储库。 Gitblit 1.7.1版本存在安全漏洞，该漏洞源于r参数处理不当，可能导致反射型跨站脚本攻击。

Description (English)

Gitblit is an open-source Java Git solution for Gitblit to manage, view and provide the Git repository. There is a security loophole in version 1.7.1 of Gitblit, which stems from the mishandling of r-parameters, which could lead to a reflective cross-script attack.

Hazard Level

High

Vulnerability Type

其他

Published

2025-08-27

Last Modified

2026-02-24

References

https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-angularjs-expression.md https://nvd.nist.gov/vuln/detail/CVE-2025-50977

Patch

https://www.gitblit.com/