Back to search
CVE-2014-9938
Published: Mar 20, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/njhartwell/pw3nage
x_refsource_MISC
https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
x_refsource_CONFIRM
RHSA-2017:2004
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now