GitHub < 1.9.4 .git/config Command Execution (Mac OS X)
Medium Nessus Plugin ID 80220
Synopsis
The remote host has an application installed that is affected by a remote command execution vulnerability.
Description
The remote Mac OS X host has a version of GitHub prior to 194 installed. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a user's '.git/config' file when the user clones or checks out a repository, allowing arbitrary command execution.
Solution
Upgrade to version 1.9.4 or later.