Date published: 2015-03-31T10:59:04.860-04:00
Date last modified: 2015-04-14T22:02:05.720-04:00
CVSS Score: 7.5
Principal attack vector: NETWORK
Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html
Summary: The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.