Dulwich Project Dulwich — known CVE vulnerabilities
Every CVE whose affected-product data names Dulwich Project Dulwich, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2017-16228 — CVSS 9.8 (critical): Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial…
CVE-2014-9706 — CVSS 7.5 (high): The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with…
CVE-2015-0838 — CVSS 7.5 (high): Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute…