VDB

GCVE-VVD-MAGEIA-2014-546

GCVE-VVD-MAGEIA-2014-546
Advisory Published
Vulnetix · Advisory published December 23, 2014
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config. If this malicious config file contained defined external commands (such as for invoking and editor or an external diff utility) it could allow for the execution of arbitrary code with the privileges of the user running the git client (CVE-2014-9390).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiagit0 (affected), 1.8.5.6-1.mga4 (unaffected)

References

Updated git packages fix security vulnerability
advisory
Updated git packages fix security vulnerability
issue
Updated git packages fix security vulnerability
issue
Updated git packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›