Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » Git submodules vulnerability
Git submodules vulnerability [message #1796276] Tue, 09 October 2018 12:24 Go to next message
Eric Demorsy is currently offline Eric DemorsyFriend
Messages: 1
Registered: October 2018
Junior Member
Hi,

The Git Blog has published a CVE ( https://blog.github.com/2018-10-05-git-submodule-vulnerability/ ) regarding a vulnerability related to the .gitmodules file. Does this vulnerability also apply to EGit / JGit ?

Re: Git submodules vulnerability [message #1796434 is a reply to message #1796276] Fri, 12 October 2018 21:32 Go to previous message
Matthias Sohn is currently offline Matthias SohnFriend
Messages: 1105
Registered: July 2009
Senior Member
No, JGit is not affected. Service releases have been created which implement
validation of .gitmodules files in JGit to protect unguarded tools.

See
https://projects.eclipse.org/projects/technology.jgit/releases/4.7.5
https://projects.eclipse.org/projects/technology.jgit/releases/4.9.6
https://projects.eclipse.org/projects/technology.jgit/releases/4.11.4
https://projects.eclipse.org/projects/technology.jgit/releases/5.1.2
Previous Topic:eGit: replace does nothing for conflict files
Next Topic:Column for add/modify/delete is missing from revision detail area
Goto Forum:
  


Current Time: Mon Dec 09 16:17:22 GMT 2019

Powered by FUDForum. Page generated in 0.02146 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top