VulnerableCode Package Details - pkg:deb/debian/jgit@3.4.0-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/jgit@3.4.0-2

Essentials
History (3)

purl	pkg:deb/debian/jgit@3.4.0-2

Next non-vulnerable version	3.7.1-4
Latest non-vulnerable version	6.7.0-2
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-j1c4-rux6-wygr Aliases: CVE-2014-9390 GHSA-6vvc-c2m3-cjf3 PYSEC-2020-217	Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.	3.7.1-4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T19:25:19.787649+00:00	Debian Oval Importer	Affected by	VCID-j1c4-rux6-wygr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T19:08:25.609936+00:00	Debian Oval Importer	Affected by	VCID-j1c4-rux6-wygr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T18:52:36.230542+00:00	Debian Oval Importer	Affected by	VCID-j1c4-rux6-wygr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0