{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T01:24:42.576","vulnerabilities":[{"cve":{"id":"CVE-2022-41943","sourceIdentifier":"security-advisories@github.com","published":"2022-11-22T19:15:18.110","lastModified":"2024-11-21T07:24:07.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0."},{"lang":"es","value":"sourcegraph es una plataforma de inteligencia de código. Como administrador del sitio, era posible ejecutar comandos arbitrarios en Gitserver cuando la función experimental \"customGitFetch\" estaba habilitada. Esta función experimental ahora se ha desactivado de forma predeterminada. Este problema se solucionó en la versión 4.1.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sourcegraph:sourcegraph:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.0","matchCriteriaId":"BA55E579-49E4-47DD-BD60-FC3DFE4E23D0"}]}]}],"references":[{"url":"https://github.com/sourcegraph/sourcegraph/pull/42704","source":"security-advisories@github.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-4qhq-4x4h-fxm8","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/sourcegraph/sourcegraph/pull/42704","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-4qhq-4x4h-fxm8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}