VYPR
Critical severityNVD Advisory· Published Mar 31, 2015· Updated Jun 17, 2026

CVE-2014-9706

CVE-2014-9706

Description

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dulwichPyPI
< 0.9.100.9.10

Affected products

3

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.