{"url":"http://public2.vulnerablecode.io/api/packages/43299?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-1?distro=trixie","type":"deb","namespace":"debian","name":"gitolite3","version":"3.6.12-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.6.12-4","latest_non_vulnerable_version":"3.6.12-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206241?format=json","vulnerability_id":"VCID-6e23-kums-bkgk","summary":"Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16976","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44705","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908699","reference_id":"908699","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908699"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43303?format=json","purl":"pkg:deb/debian/gitolite3@3.6.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43299?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43301?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-4%3Fdistro=trixie"}],"aliases":["CVE-2018-16976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e23-kums-bkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213315?format=json","vulnerability_id":"VCID-c5xw-hjjc-9bhe","summary":"gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4451","reference_id":"","reference_type":"","scores":[{"value":"0.01316","scoring_system":"epss","scoring_elements":"0.80268","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43300?format=json","purl":"pkg:deb/debian/gitolite3@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43299?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43301?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-4%3Fdistro=trixie"}],"aliases":["CVE-2013-4451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xw-hjjc-9bhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203136?format=json","vulnerability_id":"VCID-cj7e-fu45-k7fd","summary":"gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7203","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.2112","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7203"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43302?format=json","purl":"pkg:deb/debian/gitolite3@3.5.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.5.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43299?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43301?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-4%3Fdistro=trixie"}],"aliases":["CVE-2013-7203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj7e-fu45-k7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206381?format=json","vulnerability_id":"VCID-t8dv-tdfk-6bh3","summary":"commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a \"bad\" impact by triggering use of an option other than -v, -n, -q, or -P.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20683","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20683"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918849","reference_id":"918849","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918849"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43304?format=json","purl":"pkg:deb/debian/gitolite3@3.6.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43299?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43301?format=json","purl":"pkg:deb/debian/gitolite3@3.6.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-4%3Fdistro=trixie"}],"aliases":["CVE-2018-20683"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8dv-tdfk-6bh3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitolite3@3.6.12-1%3Fdistro=trixie"}