Search for packages
| purl | pkg:deb/debian/dulwich@0.16.3-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-wegc-1zcu-qygw
Aliases: CVE-2017-16228 GHSA-cwwh-4382-6fwr PYSEC-2017-12 |
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-74n4-53mc-2uc3 | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. |
CVE-2014-9706
GHSA-4j5j-58j7-6c3w PYSEC-2015-34 |
| VCID-duga-b9sn-b7fc | Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. |
CVE-2015-0838
GHSA-vjjf-3rvg-gv3v PYSEC-2015-35 |
| VCID-j1c4-rux6-wygr | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. |
CVE-2014-9390
GHSA-6vvc-c2m3-cjf3 PYSEC-2020-217 |