Security Bulletin
Summary
This vulnerability affects users on Windows and Mac OS X but not typical UNIX users. Even though the issue may not affect Linux users, if you are a hosting service whose users may fetch from your service to Windows or Mac OS X machines, you are strongly encouraged to update to protect such users who use existing versions of Git.
Vulnerability Details
CVEID: CVE-2014-9390
Description: A specifically crafted commit containing a malicious tree that is pushed to a Git repository could cause executable files within the .git/hooks/ folder to run arbitrarily on a client machine when the commit is checked out. The tree names a path that a case-insensitive filesystem (NTFS on Windows, HFS+ on Mac OS X) resolves to .git even though Git's check for the literal name .git does not match it, so the checkout writes attacker-controlled hook files into the client's .git/hooks/ directory, where Git subsequently executes them.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
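As an added illustration of the Description above (example code written for this bulletin, not IBM product code and not the Git project's own fix): a check that a hosting service could run in a server-side pre-receive hook over the paths of each pushed tree, rejecting any component that a Windows or Mac OS X client would resolve to .git. The normalisation rules it applies (case folding, NTFS dropping trailing dots and spaces and exposing the GIT~1 short name, HFS+ ignoring zero-width and bidi-control codepoints) are assumptions modelled on the protectNTFS/protectHFS checks Git added in its fix; verify them against the Git version you run.

```python
# Added example (not IBM's or the Git project's code): flag tree-entry paths
# that alias ".git" on case-insensitive filesystems, the condition behind
# CVE-2014-9390. The normalisation rules below are an assumption modelled on
# the protectHFS / protectNTFS checks Git added; verify against your version.
from typing import Optional

# Codepoints that HFS+ ignores when comparing file names (zero-width and
# bidi-control characters plus the BOM), so ".g\u200cit" opens ".git".
HFS_IGNORABLE = frozenset(
    [0x200C, 0x200D, 0x200E, 0x200F, 0xFEFF]
    + list(range(0x202A, 0x202F))   # U+202A..U+202E
    + list(range(0x206A, 0x2070))   # U+206A..U+206F
)


def is_hfs_dotgit(component: str) -> bool:
    """True if HFS+ would resolve this path component to '.git'."""
    visible = "".join(ch for ch in component if ord(ch) not in HFS_IGNORABLE)
    return visible.lower() == ".git"


def is_ntfs_dotgit(component: str) -> bool:
    """True if NTFS would resolve this path component to '.git'.

    NTFS compares case-insensitively, drops trailing dots and spaces, and
    exposes the 8.3 short name GIT~1 for a directory named '.git'.
    """
    lowered = component.lower().rstrip(". ")
    return lowered in (".git", "git~1")


def dotgit_alias_reason(path: str) -> Optional[str]:
    """Return why a tree path is dangerous, or None if it is safe.

    Both '/' and '\\' are treated as separators because a Windows client
    accepts either when the path is written to disk (assumption).
    """
    for component in path.replace("\\", "/").split("/"):
        if component == ".git":
            return f"{path!r}: literal .git component"
        if is_ntfs_dotgit(component):
            return f"{path!r}: {component!r} aliases .git on NTFS"
        if is_hfs_dotgit(component):
            return f"{path!r}: {component!r} aliases .git on HFS+"
    return None


def find_dotgit_aliases(paths):
    """Filter tree paths down to the ones a pre-receive hook should reject."""
    return [p for p in paths if dotgit_alias_reason(p) is not None]


# Constructed sample tree paths: the first five mimic a malicious tree, the
# last two are legitimate names that merely contain "git".
SAMPLE_TREE_PATHS = [
    ".git/hooks/post-checkout",        # literal name, rejected by every Git
    ".Git/hooks/post-checkout",        # case aliasing (NTFS and HFS+)
    ".git./hooks/post-checkout",       # trailing dot dropped by NTFS
    "git~1/hooks/post-checkout",       # NTFS 8.3 short name of .git
    ".g\u200cit/hooks/post-checkout",  # zero-width char ignored by HFS+
    "src/.gitignore",
    "docs/git/README.md",
]

if __name__ == "__main__":
    for p in SAMPLE_TREE_PATHS:
        print(dotgit_alias_reason(p) or f"{p!r}: ok")
```

In a real hook the path list would come from `git ls-tree -r --name-only <new-sha>` for each updated ref; the check is deliberately applied on the server because, as the Summary notes, the clients that need protecting may still be running unpatched Git.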
Affected Products and Versions
Rational Application Developer 9.1, 9.1.0.1, and 9.1.1.
Remediation/Fixes
Update the Eclipse Git Team Provider in the product to address this vulnerability:
| Product | VRMF | APAR | Remediation/First Fix |
| --- | --- | --- | --- |
| Rational Application Developer | 9.1, 9.1.0.1, 9.1.1 | PI32087 | |
Workarounds and Mitigations
None
References
Acknowledgement
None
Change History
* 20 January 2015: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
PSIRT 2613, Record 47781
Document Information
Modified date: 04 February 2020
UID: swg21694391