CVE-2014-9390
Malicious Git And Mercurial HTTP Server For CVE-2014-9390
Public Exploits: 0
Exploited in Wild: -
Descriptions
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
Timeline
- 2014-12-17 CVE Reserved
- 2014-12-20 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-20: Improper Input Validation
References (16)
URL | Date | SRC |
---|---|---|
https://news.ycombinator.com/item?id=8769667 | 2021-05-17 | |
http://support.apple.com/kb/HT204147 | 2021-05-17 | |
https://github.com/blog/1938-git-client-vulnerability-announced | 2021-05-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | In (Vendor, Product) | In Status |
---|---|---|---|---|---|---|
Git-scm | Git | < 1.8.5.6 | - | Affected | Apple, Mac Os X | Safe |
Git-scm | Git | < 1.8.5.6 | - | Affected | Microsoft, Windows | Safe |
Git-scm | Git | >= 1.9.0 < 1.9.5 | - | Affected | Apple, Mac Os X | Safe |
Git-scm | Git | >= 1.9.0 < 1.9.5 | - | Affected | Microsoft, Windows | Safe |
Git-scm | Git | >= 2.0.0 < 2.0.5 | - | Affected | Apple, Mac Os X | Safe |
Git-scm | Git | >= 2.0.0 < 2.0.5 | - | Affected | Microsoft, Windows | Safe |
Git-scm | Git | >= 2.1.0 < 2.1.4 | - | Affected | Apple, Mac Os X | Safe |
Git-scm | Git | >= 2.1.0 < 2.1.4 | - | Affected | Microsoft, Windows | Safe |
Git-scm | Git | >= 2.2.0 < 2.2.1 | - | Affected | Apple, Mac Os X | Safe |
Git-scm | Git | >= 2.2.0 < 2.2.1 | - | Affected | Microsoft, Windows | Safe |
Mercurial | Mercurial | < 3.2.3 | - | Affected | Apple, Mac Os X | Safe |
Mercurial | Mercurial | < 3.2.3 | - | Affected | Microsoft, Windows | Safe |
Apple | Xcode | <= 6.1.1 | - | Affected | | |
Apple | Xcode | 6.2 | - | Affected | | |
Apple | Xcode | 6.2 | beta_2 | Affected | | |
Eclipse | Egit | < 08-12-2014 | - | Affected | | |
Eclipse | Jgit | < 3.4.2 | - | Affected | | |
Eclipse | Jgit | >= 3.5.0 < 3.5.3 | - | Affected | | |
Libgit2 | Libgit2 | < 0.21.3 | - | Affected | | |