Git for Windows .git/config Command Execution
Severity: Medium
Nessus Plugin ID: 80306
Synopsis
The remote Windows host has an application installed that is affected by a command execution vulnerability.

Description
The version of Git for Windows (also known as msysGit) installed on the remote host is prior to 1.9.5. It is, therefore, affected by a command execution vulnerability when processing specially crafted git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a user's '.git/config' file when the user clones or checks out a repository, allowing arbitrary command execution.

Solution
Upgrade to Git for Windows 1.9.5 (Git-1.9.5-preview20141217) or later.
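
Added example, not part of the Nessus plugin or of Git: a pre-checkout audit for the condition in the Description, flagging tree paths with a component that a case-insensitive file system would treat as `.git`. The function names and the sample listing are constructed for illustration; case-normalizing (Unicode) variants are not covered.

```python
from typing import Iterable, List

# Directory name Git reserves for repository metadata.
PROTECTED = ".git"


def risky_components(path: str) -> List[str]:
    """Return the components of `path` that equal '.git' when case is ignored.

    An exact '.git' component is returned as well: Git does not track it,
    so seeing one in a tree listing is already abnormal.
    """
    # Tree paths use '/', but Windows also accepts '\\' as a separator,
    # so split on both to stay conservative.
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    return [p for p in parts if p.casefold() == PROTECTED]


def audit_tree(paths: Iterable[str]) -> List[str]:
    """Return the paths from a tree listing that should block a checkout."""
    return [p for p in paths if risky_components(p)]


# Constructed sample, shaped like `git ls-tree -r --name-only <commit>` output.
SAMPLE_LISTING = [
    "README.md",
    "src/main.c",
    ".gitignore",              # ordinary file, not a match
    ".GIT/config",             # folds to .git/config on a case-insensitive FS
    "vendor/lib/.Git/config",  # same condition inside a subdirectory
    "tools/git/config",        # no leading dot, not a match
]

if __name__ == "__main__":
    for hit in audit_tree(SAMPLE_LISTING):
        print("suspicious tree path:", hit)
```

A check like this is useful on systems that cannot be upgraded immediately, for example as a gate in a mirror or CI job before an untrusted repository is checked out on Windows.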