CVE-2022-41943: Add optional switch for disabling custom git fetch by evict · Pull Request #42704 · sourcegraph/sourcegraph

Sourcegraph is a code intelligence platform. A site admin could execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.


Conversation

evict mentioned this pull request

Oct 7, 2022

evict and others added 7 commits

Oct 14, 2022

* switch to enable rather than disable env var

* add changelog entry

Co-authored-by: Vincent Ruijter [email protected]

evict deleted the vincent/optional-disable-custom-git-fetch branch

Oct 14, 2022

vovakulikov pushed a commit that referenced this pull request

Oct 17, 2022

* add env var for disabling customGitFetch

Co-authored-by: Warren Gifford [email protected]

Co-authored-by: Dax McDonald [email protected]
