CVE-2015-0850

critical

Published 2015-06-02 · Modified 2026-05-06

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@debian.org — https://fusionforge.org/forum/forum.php?forum_id=41

Application impact

Vendor	Product	Versions	Fixed
fusionforge	fusionforge	`{"endIncluding":"6.0"}`

References

http://www.debian.org/security/2015/dsa-3275
https://fusionforge.org/forum/forum.php?forum_id=41
http://www.debian.org/security/2015/dsa-3275
https://fusionforge.org/forum/forum.php?forum_id=41

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.