Summary
The upload-pack handler forwards client wants directly to pack generation without validating them against advertised refs. An attacker could request unreachable objects.
Lower priority for a read-only server without auth -- all objects are accessible to anyone who can clone.
Solution
Validate each want OID against the set of advertised refs before generating the pack.
Summary
The upload-pack handler forwards client
wantsdirectly to pack generation without validating them against advertised refs. An attacker could request unreachable objects.Lower priority for a read-only server without auth -- all objects are accessible to anyone who can clone.
Solution
Validate each want OID against the set of advertised refs before generating the pack.