ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
Software | From | Fixed in |
---|---|---|
viewvc / viewvc | 1.0.2 | 1.0.2.x |
viewvc / viewvc | 1.0.3 | 1.0.3.x |