9.8

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Git-scmGit Version < 1.8.5.6
   ApplemacOS X Version-
   MicrosoftWindows Version-
Git-scmGit Version >= 1.9.0 < 1.9.5
   ApplemacOS X Version-
   MicrosoftWindows Version-
Git-scmGit Version >= 2.0.0 < 2.0.5
   ApplemacOS X Version-
   MicrosoftWindows Version-
Git-scmGit Version >= 2.1.0 < 2.1.4
   ApplemacOS X Version-
   MicrosoftWindows Version-
Git-scmGit Version >= 2.2.0 < 2.2.1
   ApplemacOS X Version-
   MicrosoftWindows Version-
MercurialMercurial Version < 3.2.3
   ApplemacOS X Version-
   MicrosoftWindows Version-
AppleXCode Version <= 6.1.1
AppleXCode Version6.2 Update-
AppleXCode Version6.2 Updatebeta_2
EclipseEgit Version < 08-12-2014
EclipseJgit Version < 3.4.2
EclipseJgit Version >= 3.5.0 < 3.5.3
Libgit2Libgit2 Version < 0.21.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.18% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://mercurial.selenic.com/wiki/WhatsNew
Third Party Advisory
Release Notes
http://article.gmane.org/gmane.linux.kernel/1853266
Broken Link
http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html
Third Party Advisory
http://securitytracker.com/id?1031404
Third Party Advisory
VDB Entry
http://support.apple.com/kb/HT204147
Vendor Advisory
https://github.com/blog/1938-git-client-vulnerability-announced
Vendor Advisory
https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915
Third Party Advisory
https://libgit2.org/security/
Product
https://news.ycombinator.com/item?id=8769667
Patch
Third Party Advisory
Issue Tracking