CVE-2014-9938

Priority
Medium
Description
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize
branch names in the PS1 variable, allowing a malicious repository to cause
code execution.
References
Bugs
Notes
 mdeslaur> PoC: https://github.com/njhartwell/pw3nage
 mdeslaur> only affects 1.8.1+
Assigned-to
mdeslaur
Package
Source: git (LP Ubuntu Debian)
Upstream: released (1:2.0.0~rc2-1)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:1.9.1-1ubuntu0.4)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1:2.7.4-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus): not-affected
Patches:
Upstream: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f

Updated: 2017-08-11 23:52:48 UTC (commit 13081)