CVE-2014-9390

Description

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
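A defensive check for the three path tricks listed in the description, as an added example (not code from Git or any of the affected projects). The names `dotgit_alias` and `scan_tree_paths` and the sample paths are constructed for illustration; the ignorable codepoint ranges are the ones HFS+ drops when comparing file names.

```python
import re

# Codepoints that HFS+ ignores when comparing file names:
# U+200C-200F, U+202A-202E, U+206A-206F and U+FEFF.
HFS_IGNORABLE = re.compile("[\u200c-\u200f\u202a-\u202e\u206a-\u206f\ufeff]")


def dotgit_alias(component):
    """Return why one path component resolves to ".git" on a
    case-insensitive Windows or OS X filesystem, or None if it does not."""
    if component == ".git":
        return "literal"
    stripped = HFS_IGNORABLE.sub("", component)
    if stripped != component and stripped.lower() == ".git":
        return "ignorable-unicode"   # case (1) in the description
    if component.lower() == "git~1":
        return "ntfs-short-name"     # case (2): 8.3 short name of ".git"
    if component.lower() == ".git":
        return "mixed-case"          # case (3)
    return None


def scan_tree_paths(paths):
    """Return (path, reason) for every path with a component aliasing .git.

    Input is a list of tree paths, e.g. the output of
    `git ls-tree -r --name-only -z <rev>` split on NUL bytes.
    """
    findings = []
    for path in paths:
        # Backslash is also split on, since Windows treats it as a separator.
        for part in re.split(r"[/\\]", path):
            reason = dotgit_alias(part)
            if reason:
                findings.append((path, reason))
                break
    return findings


# Constructed sample paths, not taken from a real repository.
SAMPLE_PATHS = [
    "src/main.c",
    "docs/.gitignore",
    ".GIT/config",
    "GIT~1/config",
    ".g\u200cit/config",
    "vendor/.Git\u200d/hooks/pre-commit",
]
```

Running `scan_tree_paths` over the paths of an untrusted repository before checking it out with an unpatched client flags the trees that would overwrite `.git/config` or hooks on a case-insensitive filesystem.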

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 59.96

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2014-9390 are fixed in Eclipse-org.eclipse.jgit 3.5.3 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git (X64) 1.8.5.5 | Windows
Vulnerabilities CVE-2014-9390,CVE-2016-9274 are affected in Git (X64) 1.9.4 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git (X64) 2.0.4 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git (X64) 2.1.3 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git (X64) 2.2.0-rc3 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git 1.8.5.5 | Windows
Vulnerabilities CVE-2014-9390,CVE-2016-9274 are affected in Git 1.9.4 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git 2.0.4 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git 2.1.3 | Windows
Vulnerabilities CVE-2014-9390 are affected in Git 2.2.0-rc3 | Windows
Vulnerabilities CVE-2014-9390 are fixed in Python-mercurial 3.2.3 | Windows
Multiple Vulnerabilities are affected in Command Line Tools for XCode for Mac 6.1.1 | Mac
Vulnerabilities CVE-2014-9390 are affected in Command Line Tools for XCode for Mac 6.2 | Mac
Vulnerabilities CVE-2014-9390 are affected in Command Line Tools for XCode for Mac 6.2.beta_2 | Mac
fast, scalable, distributed revision control system (USN-2470-1) git_1.9.1-1ubuntu0.2_i386.deb | Linux
fast, scalable, distributed revision control system (USN-2470-1) git_1.9.1-1ubuntu0.2_amd64.deb | Linux
fast, scalable, distributed revision control system (USN-2470-1) git_1.7.9.5-1ubuntu0.2_i386.deb | Linux
fast, scalable, distributed revision control system (USN-2470-1) git_1.7.9.5-1ubuntu0.2_amd64.deb | Linux
Git19-git update (ELSA-2015-2515) git19-git-1.9.4-3.el6.1.x86_64.rpm | Linux
Git19-git-daemon update (ELSA-2015-2515) git19-git-daemon-1.9.4-3.el6.1.x86_64.rpm | Linux
Git19-git-svn update (ELSA-2015-2515) git19-git-svn-1.9.4-3.el6.1.x86_64.rpm | Linux
Git19-emacs-git update (ELSA-2015-2515) git19-emacs-git-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-emacs-git-el update (ELSA-2015-2515) git19-emacs-git-el-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-git-all update (ELSA-2015-2515) git19-git-all-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-git-cvs update (ELSA-2015-2515) git19-git-cvs-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-git-email update (ELSA-2015-2515) git19-git-email-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-git-gui update (ELSA-2015-2515) git19-git-gui-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-gitk update (ELSA-2015-2515) git19-gitk-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-gitweb update (ELSA-2015-2515) git19-gitweb-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-perl-Git update (ELSA-2015-2515) git19-perl-Git-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-perl-Git-SVN update (ELSA-2015-2515) git19-perl-Git-SVN-1.9.4-3.el6.1.noarch.rpm | Linux
Git19-git update (ELSA-2015-2515) git19-git-1.9.4-3.el7.1.x86_64.rpm | Linux
Git19-git-daemon update (ELSA-2015-2515) git19-git-daemon-1.9.4-3.el7.1.x86_64.rpm | Linux
Git19-git-svn update (ELSA-2015-2515) git19-git-svn-1.9.4-3.el7.1.x86_64.rpm | Linux
Git19-emacs-git update (ELSA-2015-2515) git19-emacs-git-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-emacs-git-el update (ELSA-2015-2515) git19-emacs-git-el-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-all update (ELSA-2015-2515) git19-git-all-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-bzr update (ELSA-2015-2515) git19-git-bzr-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-cvs update (ELSA-2015-2515) git19-git-cvs-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-email update (ELSA-2015-2515) git19-git-email-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-gui update (ELSA-2015-2515) git19-git-gui-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-git-hg update (ELSA-2015-2515) git19-git-hg-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-gitk update (ELSA-2015-2515) git19-gitk-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-gitweb update (ELSA-2015-2515) git19-gitweb-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-perl-Git update (ELSA-2015-2515) git19-perl-Git-1.9.4-3.el7.1.noarch.rpm | Linux
Git19-perl-Git-SVN update (ELSA-2015-2515) git19-perl-Git-SVN-1.9.4-3.el7.1.noarch.rpm | Linux
Vulnerabilities CVE-2014-9390 are fixed in Eclipse-org.eclipse.jgit for Linux 3.5.3 | Linux
Vulnerabilities CVE-2014-9390 are fixed in Python-mercurial for linux 3.2.3 | Linux

Patch Details

Patches provided by ManageEngine for this CVE
Patch ID | Patch Description
PATCH-352878 | Git (x64) (2.51.2)
PATCH-350752 | Git (2.50.1)
PATCH-607901 | Command Line Tools for XCode for Mac 15.3 (Deployment-Only)
