Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/jgit@3.7.1-4
purl pkg:deb/debian/jgit@3.7.1-4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-j1c4-rux6-wygr Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. CVE-2014-9390
GHSA-6vvc-c2m3-cjf3
PYSEC-2020-217

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T19:25:19.791272+00:00 Debian Oval Importer Fixing VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T19:08:25.613899+00:00 Debian Oval Importer Fixing VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T18:52:36.236120+00:00 Debian Oval Importer Fixing VCID-j1c4-rux6-wygr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0