Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dulwich Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16228 1 Dulwich Project 1 Dulwich 2019-10-02 7.5 HIGH 9.8 CRITICAL
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
CVE-2014-9706 2 Debian, Dulwich Project 2 Debian Linux, Dulwich 2015-04-14 7.5 HIGH N/A
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
CVE-2015-0838 2 Debian, Dulwich Project 2 Debian Linux, Dulwich 2015-03-31 7.5 HIGH N/A
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.