CVE-2014-9706

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 0.9.9

Description The issue allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. This is due to a problem in the build index from tree function in index.py.

Recommendations For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue. As a temporary workaround, consider restricting the handling of commits with directory paths starting with .git/ to minimize the risk of exploitation.