PT-2014-8981 · Git+7 · Git+8
Augie Fackler +1 · Published 2014-12-19 · Updated 2024-06-15 · CVE-2014-9390

| CVSS v3.1 | 9.8 | Critical |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Git versions 1.8.5.6 and earlier, 1.9.x through 1.9.4, 2.0.x through 2.0.4, 2.1.x through 2.1.3, and 2.2.x through 2.2.0
Mercurial versions prior to 3.2.3
Apple Xcode versions prior to 6.2 beta 3
mine versions prior to 08-12-2014
libgit2 versions up to 0.21.2
Egit versions prior to 08-12-2014
JGit versions prior to 08-12-2014
Description
The flaw lets a malicious remote Git server execute arbitrary commands on a client by serving a tree that contains a crafted .git/config file whose path is not recognised as .git by Git's checks but is resolved to it by the client's filesystem, through (1) an ignorable Unicode codepoint in the name, (2) the git~1 (NTFS 8.3 short-name) representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
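The three variants above all come down to one defensive question: does any component of a tree path resolve to the `.git` directory once the filesystem's own name-folding is applied? The following Python is an added example, not code from the advisory or from Git's source; it models the normalisation Git adopted in its fix (case folding, dropping the codepoints HFS+ ignores when comparing names, and recognising the NTFS `GIT~1` alias) and applies it to a constructed tree listing. It also trims trailing dots and spaces, which NTFS ignores, so it goes slightly beyond the three variants the advisory lists.

```python
"""Flag tree paths that a case-insensitive filesystem would resolve to .git.

Added example, not part of the advisory or of Git. Mirrors the defensive
path checks Git introduced for CVE-2014-9390: a path component is refused
if case folding, HFS+ ignorable-codepoint stripping, or NTFS short-name
and trailing-dot handling would make it collide with the .git directory.
"""

# Codepoints HFS+ ignores when comparing file names (the set Git checks).
HFS_IGNORABLE = {
    0x200C, 0x200D, 0x200E, 0x200F,
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
    0x206A, 0x206B, 0x206C, 0x206D, 0x206E, 0x206F,
    0xFEFF,
}


def is_hfs_dotgit(name: str) -> bool:
    """True if HFS+ would treat `name` as `.git` (case-insensitively)."""
    stripped = "".join(ch for ch in name if ord(ch) not in HFS_IGNORABLE)
    return stripped.lower() == ".git"


def is_ntfs_dotgit(name: str) -> bool:
    """True if NTFS would resolve `name` to the .git directory.

    NTFS ignores trailing dots and spaces in a name and exposes the 8.3
    short name GIT~1 for a directory called .git.
    """
    trimmed = name.rstrip(". ").lower()
    return trimmed in (".git", "git~1")


def is_dotgit_like(name: str) -> bool:
    """A single path component that collides with .git on either filesystem."""
    return is_hfs_dotgit(name) or is_ntfs_dotgit(name)


def suspicious_paths(paths):
    """Return the tree paths with any component that resolves to .git.

    A checkout should refuse these paths instead of writing them to disk.
    """
    flagged = []
    for path in paths:
        if any(is_dotgit_like(component) for component in path.split("/")):
            flagged.append(path)
    return flagged


# Constructed sample tree listing, in the shape of `git ls-tree -r --name-only`.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".GIT/config",                 # (3) mixed case
    "git~1/config",                # (2) NTFS 8.3 short name
    ".g\u200cit/config",           # (1) zero-width non-joiner, ignored by HFS+
    ".git./hooks/post-checkout",   # trailing dot, collapsed by NTFS
    "docs/.gitignore",             # legitimate: not exactly .git
    "legit/config",                # legitimate: only contains the substring
]

if __name__ == "__main__":
    for path in suspicious_paths(SAMPLE_TREE):
        print("refusing to check out:", path)
```

Run stand-alone, the script prints the four paths a vulnerable client would have written into its own `.git` directory; the two legitimate entries pass. The check is deliberately conservative: it rejects names on both filesystems' rules regardless of the host, because a repository is cloned on many platforms and the server controls the tree.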
Recommendations
For Git versions 1.8.5.6 and earlier, 1.9.x through 1.9.4, 2.0.x through 2.0.4, 2.1.x through 2.1.3, and 2.2.x through 2.2.0, update to a version later than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4, or 2.2.1 respectively.
For Mercurial versions prior to 3.2.3, update to version 3.2.3 or later.
For Apple Xcode versions prior to 6.2 beta 3, update to version 6.2 beta 3 or later.
For mine versions prior to 08-12-2014, update to a version released after 08-12-2014.
For libgit2 versions up to 0.21.2, update to a version later than 0.21.2.
For Egit versions prior to 08-12-2014, update to a version released after 08-12-2014.
For JGit versions prior to 08-12-2014, update to a version released after 08-12-2014.
Exploit
Fix
RCE
Affected Products
Alt Linux
Xcode
Egit
Git
Jgit
Mercurial
Suse
Ubuntu
Libgit2