Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Git
(Git\-Scm)| Repositories | https://github.com/git/git |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-14 | CVE-2017-15298 | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | Ubuntu_linux, Git | 5.5 | ||
| 2017-03-20 | CVE-2014-9938 | contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | Git | N/A | ||
| 2018-11-23 | CVE-2018-19486 | Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017. | Ubuntu_linux, Git | 9.8 |