Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibly use this issue to cause Pagure to expose files outside the intended repository boundaries. (CVE-2024-4981)
Thomas Chauchefoin discovered that Pagure did not properly sanitize path inputs. A remote attacker could possibly use this issue to read arbitrary files. (CVE-2024-4982)
Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links during repository archiving. A remote attacker could possibly use this issue to disclose local files on the server. (CVE-2024-47515)
Thomas Chauchefoin discovered that Pagure incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary code on the server. (CVE-2024-47516)
5.11.3+dfsg-1ubuntu0.15.11.3+dfsg-2.1ubuntu0.25.8.1+dfsg-3ubuntu0.1~esm1