CVE-2014-9938
- EPSS 1.02%
- Published 20.03.2017 00:59:00
- Last modified 20.04.2025 01:37:25
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
- EPSS 35.46%
- Published 08.04.2016 14:59:02
- Last modified 12.04.2025 10:46:40
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
- EPSS 25.72%
- Published 08.04.2016 14:59:01
- Last modified 12.04.2025 10:46:40
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVE-2013-0308
- EPSS 1.96%
- Published 08.03.2013 21:55:03
- Last modified 11.04.2025 00:51:21
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...
CVE-2010-3906
- EPSS 13.92%
- Published 17.12.2010 19:00:20
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
CVE-2010-2542
- EPSS 2.14%
- Published 11.08.2010 18:47:50
- Last modified 11.04.2025 00:51:21
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
CVE-2008-5516
- EPSS 1.46%
- Published 20.01.2009 16:30:00
- Last modified 09.04.2025 00:30:58
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.