Is CVE-2014-9390 actively exploited?

CVE-2014-9390 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2014-9390?

CVE-2014-9390 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2014-9390?

Patch guidance is available from git-scm security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2014-9390.

Fix CVE-2014-9390 - CRITICAL git-scm git

Q: Which products are affected by CVE-2014-9390?

13 products: git-scm git, git-scm git, git-scm git, git-scm git, git-scm git, and 8 more.

Description

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-20 · Improper Input Validation

Metadata

Primary Vendor: GIT-SCM
Published: 2/12/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

git-scm : gitgit-scm : gitgit-scm : gitgit-scm : gitgit-scm : gitmercurial : mercurialapple : xcodeapple : xcodeapple : xcodeeclipse : egiteclipse : jgiteclipse : jgitlibgit2 : libgit2

Remediation Guidance

Executive Summary

View on NIST NVD