Remote Code Execution on Git.imgur-dev.com
Critical
Imgur
Reported by
orange
Vulnerability Details
Technical details and impact analysis
Hi, Imgur Security Team:
I just found that your GitHub Enterprise Server (https://git.imgur-dev.com/) wasn't patched to the latest version (2.8.7). And there is a Rails static key that leads to an RCE vulnerability!
You can see the PoC from my screenshots :)
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection