org.eclipse.jgit:org.eclipse.jgit@5.4.2.201908231537-r vulnerabilities

latest version

7.1.0.202411261347-r

latest non vulnerable version

7.1.0.202411261347-r

first published

12 years ago

latest version published

1 months ago

licenses detected

EDL-1.0
[1.2.0.201112221803-r,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.jgit:org.eclipse.jgit package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Handling of Case Sensitivity Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the `DirCacheCheckout`, `ResolveMerger` (via its `WorkingTreeUpdater`), `PullCommand` using merge, and when applying a patch (`PatchApplier`). An attacker can write a file to locations outside the working tree on case-insensitive filesystems. This can lead to remote code execution if the written file is a git filter that gets executed on a subsequent git command. Note: This is only exploitable if the user performing the clone or checkout has the rights to create symbolic links, and symbolic links are enabled in the git configuration. How to fix Improper Handling of Case Sensitivity? Upgrade `org.eclipse.jgit:org.eclipse.jgit` to version 5.13.3.202401111512-r, 6.6.1.202309021850-r or higher.	[,5.13.3.202401111512-r)[6.0.0,6.6.1.202309021850-r)

Improper Handling of Case Sensitivity

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the DirCacheCheckout, ResolveMerger (via its WorkingTreeUpdater), PullCommand using merge, and when applying a patch (PatchApplier). An attacker can write a file to locations outside the working tree on case-insensitive filesystems. This can lead to remote code execution if the written file is a git filter that gets executed on a subsequent git command.

Note: This is only exploitable if the user performing the clone or checkout has the rights to create symbolic links, and symbolic links are enabled in the git configuration.

How to fix Improper Handling of Case Sensitivity?

Upgrade org.eclipse.jgit:org.eclipse.jgit to version 5.13.3.202401111512-r, 6.6.1.202309021850-r or higher.

[,5.13.3.202401111512-r)[6.0.0,6.6.1.202309021850-r)

Go back to all versions of this package