CNNVD-202508-3222 Information

Aug 27, 2025 cve

CNNVD ID

CNNVD-202508-3222

CVE-2025-50978

CNNVD Published: 2025-08-27

Description (Chinese)

Gitblit是Gitblit的一个开源的纯 Java Git 解决方案，用于管理、查看和提供Git存储库。 Gitblit v1.7.1版本存在安全漏洞，该漏洞源于仓库路径名处理不当，可能导致反射型跨站脚本攻击。

Description (English)

Gitblit is an open-source Java Git solution for Gitblit to manage, view and provide the Git repository. There is a security loophole in version Gitblit v1.7.1, which stems from the improper handling of the warehouse path name, which may lead to a reflective cross-site scrip attack.

Hazard Level

High

Vulnerability Type

其他

Published

2025-08-27

Last Modified

2026-02-24

References

https://github.com/4rdr/proofs/blob/main/info/gitblit-v1.7.1-reflected-XSS-via-filenames.md https://nvd.nist.gov/vuln/detail/CVE-2025-50978

Patch

https://www.gitblit.com/

Share on: