CVE-2014-9706CVE-2014-9706

Affected configuration(s):

cpe:/a:dulwich_project:dulwich:0.9.8
cpe:/o:debian:debian_linux:7.0

Date published: 2015-03-31T10:59:04.860-04:00

Date last modified: 2015-04-14T22:02:05.720-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154523.html

Summary: The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.