Loading
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.
Use CWE-264, Git vendor hub and Git product page to widen CVE-2008-5916 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-5260, CVE-2024-32002 and CVE-2022-25648 for nearby disclosures in the same product family.