{"id":"CVE-2018-20683","details":"commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a \"bad\" impact by triggering use of an option other than -v, -n, -q, or -P.","modified":"2026-03-15T15:03:02.706052Z","published":"2019-01-10T01:29:00.237Z","related":["MGASA-2019-0058","openSUSE-SU-2019:0054-1","openSUSE-SU-2024:10789-1"],"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/gitolite-announce/6xbjjmpLePQ"},{"type":"ADVISORY","url":"https://github.com/sitaramc/gitolite/blob/master/CHANGELOG"},{"type":"REPORT","url":"https://bugs.debian.org/918849"},{"type":"FIX","url":"https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sitaramc/gitolite","events":[{"introduced":"0"},{"fixed":"b49133dc5f49b12807165ed250307213c1ac0a53"},{"fixed":"5df2b817255ee919991da6c310239e08c8fcc1ae"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.6.11"}]}}],"versions":["v0.01","v0.02","v3.0","v3.01","v3.02","v3.03","v3.04","v3.1","v3.2","v3.3","v3.4","v3.5","v3.5.1","v3.5.2","v3.5.3","v3.5.3.1","v3.6","v3.6.1","v3.6.10","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.6.7","v3.6.8","v3.6.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}