{"id":"CVE-2019-11217","details":"The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.","modified":"2026-04-10T04:11:52.351186Z","published":"2019-04-24T20:29:00.453Z","references":[{"type":"ADVISORY","url":"https://bonobogitserver.com/changelog/#version-650"},{"type":"FIX","url":"https://flab.cesnet.cz/advisories/cve-2019-11217"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jakubgarfield/bonobo-git-server","events":[{"introduced":"0"},{"fixed":"aa5d7fc62714876693a06043e9d0861fd55b4be2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.5.0"}]}}],"versions":["3.4.2","3.4.3","3.5.0","3.6.0","4.0.0","5.0.0","5.0.1","5.1","5.1.1","6.0.0","6.1.0","6.2.0","v1.2.0","v1.3.0","v2.0","v2.0.1","v2.1","v3.0.0","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11217.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}