Data Processing Errors

CVE-2014-9706

High

7.5/10

Summary

The build_index_from_tree function in index.py in Dulwich before 0.10 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-19 - Data Processing Errors

Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

References

Mail Thread

Advisory Timeline

Published Mar 31, 2015

Data Processing Errors

CVE-2014-9706

Summary

CWE-19 - Data Processing Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS