The GitController in Jakub Chodounsky Bonobo Git Server 6.3.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
private ActionResult GetInfoRefs(String repositoryName, String service) calls
GitService.ExecuteServiceByName(…) without sanitizing user supplied
string serviceName. Succesfull exploitation process involves creation of the new repository, management of repository configuration and executing arbitrary command through
The issue is fixed in version 6.5.0.