Releases1.12K
Frequency6 days 20 hours
Last Release
Stars9.29K
A fork of Git containing Windows-specific patches.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
7.4 HIGH

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses an attacker-controlled server. By default, NTLM authentication does not need any user interaction. By brute-forcing the NTLMv2 hash (which is expensive, but possible), credentials can be extracted. This issue has been fixed in version 2.53.0.windows.3.

<= 2.53.07.4 HIGH

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).

<= 2.40.4, >= 2.41.0, <= 2.41.3, >= 2.42.0, <= 2.42.4, >= 2.43.0, <= 2.43.6, >= 2.44.0, <= 2.44.3, >= 2.45.0, <= 2.45.3, >= 2.46.0, <= 2.46.3, >= 2.47.0, <= 2.47.1, >= 2.48.0, <= 2.48.18.8 HIGH

Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.

< 2.40.4, >= 2.41.0, < 2.41.3, >= 2.42.0, < 2.42.4, >= 2.43.0, < 2.43.6, >= 2.44.3, < 2.44.3, >= 2.45.3, < 2.45.3, >= 2.46.3, < 2.46.3, >= 2.47.0, < 2.47.2, = 2.48.04.7 MEDIUM

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.

< 2.40.4, >= 2.41.0, < 2.41.3, >= 2.42.0, < 2.42.4, >= 2.43.0, < 2.43.6, >= 2.44.3, < 2.44.3, >= 2.45.3, < 2.45.3, >= 2.46.3, < 2.46.3, >= 2.47.0, < 2.47.2, = 2.48.07.5 HIGH

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.

< 2.39.4, >= 2.40.0, < 2.40.2, >= 2.42.0, < 2.42.2, >= 2.43.0, < 2.43.4, = 2.45.0, = 2.44.0, = 2.41.09 CRITICAL

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

7.2 HIGH

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.

7.5 HIGH

Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines.

3.3 LOW

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.

8.6 HIGH

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.

= *7.2 HIGH

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.

< 2.39.18.6 HIGH

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.

< 2.37.18.2 HIGH4.4 MEDIUM

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.

< 1.11.08.1 HIGH7.5 HIGH

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

< 2.35.26 MEDIUM6.9 MEDIUM

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.

<= 2.34.17.5 HIGH5 MEDIUM

In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.

>= 2.22.0, < 2.22.3, < 2.17.4, >= 2.18.0, < 2.18.3, >= 2.19.0, < 2.19.4, >= 2.20.0, < 2.20.3, >= 2.21.0, < 2.21.2, >= 2.23.0, < 2.23.2, >= 2.24.0, < 2.24.2, >= 2.26.0, < 2.26.1, >= 2.25.0, < 2.25.39.3 CRITICAL5 MEDIUM

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.

= 2.17.0, >= 2.16.0, <= 2.16.3, >= 2.15.0, <= 2.15.1, >= 2.14.0, <= 2.14.3, <= 2.13.6, <= 2.17.16.8 MEDIUM

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.

7.8 HIGH4.4 MEDIUM

Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.

= 1.5.5.6, = 1.5.6.6, = 1.0.3, = 1.5.4, = 1.5.0.7, = 0.99.9m, = 1.5.5, = 1.5.6.5, = 1.0.0b, = 1.1.3, = 1.5.0, = 1.5.0.3, = 1.4.3, = 1.6.2.4, = 1.7.2.2, = 1.1.2, = 1.0.4, = 0.99.9k, = 1.5.1.4, = 1.5.6.4, = 1.5.6.3, = 1.0.5, = 1.5.2.5, = 1.5.3.1, = 1.5.4.1, = 1.6.3, = 1.3.2, = 1.5.2.1, = 1.5.1.5, = 1.3.1, = 0.99.9l, = 1.5.2.3, = 1.4.4.1, = 1.5.3.3, = 1.5.3, = 1.6.1, = 1.0.8, = 1.5.1.3, = 1.4.3.3, = 1.5.4.3, = 1.6.0, = 1.6.2, = 1.5.5.4, = 1.5.4.6, = 1.5.4.7, = 1.5.3.8, = 1.6.0.2, = 1.5.5.1, = 1.5.5.3, = 1.7.2.3, = 1.4.2.1, = 1.2.6, = 1.3.0, = 1.6.0.3, = 1.7.3.1, = 1.4.2.4, = 1.4.2, = 1.0.7, = 1.1.5, = 1.2.2, = 1.1.4, = 1.1.0, = 1.4.1.1, = 1.0.6, = 1.1.6, = 1.2.3, = 1.5.1, = 1.5.0.2, = 1.5.0.4, = 1.5.2, = 1.5.6, = 1.6.0.5, = 1.5.5.2, = 1.7.2.1, = 1.4.3.1, = 1.4.3.2, = 1.2.5, = 1.3.3, = 0.99.9n, = 1.2.1, = 1.5.2.4, = 1.4.4.4, = 1.5.4.2, = 1.5.4.4, = 1.6.3.1, = 1.6.0.1, = 1.6.2.5, = 1.7.2.5, = 1.7.3, = 1.5.0.1, = 1.4.4, = 1.4.3.4, = 1.5.3.5, = 1.5.3.2, = 1.6.1.4, = 1.6.2.2, = 1.6.2.1, = 1.4.1, = 1.1.1, = 1.4.0, = 1.2.4, = 0.99.9j, = 1.5.2.2, = 1.5.1.1, = 1.5.1.2, = 1.5.0.6, = 1.5.0.5, = 1.4.4.3, = 1.6.3.2, = 1.6.0.6, = 1.7.2, = 1.7.3.2, = 0.04, = 0.7.0, = 1.4.2.2, = 1.4.2.3, = 0.5, = 0.02, = 0.03, = 1.6.2.3, = 1.5.6.2, <= 1.7.3.3, = 1.0.0, = 0.6.0, = 1.5.1.6, = 1.4.4.5, = 1.5.3.4, = 1.5.3.7, = 1.6.0.4, = 1.4.3.5, = 0.01, = 1.7.2.4, = 1.2.0, = 1.4.4.2, = 1.5.3.6, = 1.5.5.5, = 1.5.6.1, = 1.5.4.54.3 MEDIUM

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

= 1.5.5.6, = 1.5.6.6, = 1.5.4, = 1.5.0.7, = 1.5.5, = 1.5.6.5, = 1.5.0, = 1.5.0.3, = 1.5.2.5, = 1.6.0.2, = 1.5.1.3, = 1.5.5.1, = 1.6.3, = 1.6.2, = 1.5.6.4, = 1.5.2.3, = 1.5.4.1, = 1.6.0.3, = 1.6.1, = 1.5.6.3, = 1.5.3.8, = 1.6.2.4, = 1.5.5.4, = 1.5.1.4, = 1.5.4.7, = 1.6.0, = 1.5.5.3, = 1.5.0.4, = 1.5.0.6, = 1.5.4.4, = 1.5.6, = 1.6.0.5, = 1.5.0.2, = 1.5.1.1, = 1.5.2.4, = 1.5.3, = 1.6.2.1, = 1.6.0.6, = 1.5.0.1, = 1.5.2, = 1.5.2.2, = 1.6.2.2, = 1.6.0.1, = 1.5.1.5, = 1.6.3.2, = 1.5.5.5, = 1.5.0.5, = 1.5.1.2, = 1.5.4.2, = 1.5.1, = 1.6.2.5, = 1.5.6.2, = 1.5.3.6, = 1.6.3.1, = 1.6.1.4, = 1.6.2.3, = 1.6.0.4, = 1.5.6.1, = 1.4.4.5, = 1.5.3.2, = 1.5.3.45 MEDIUM

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

= 1.5.4, = 1.5.0.7, = 1.5.5, = 1.5.6.5, = 1.5.0, = 1.5.0.3, = 1.5.2.5, = 1.5.1.4, = 1.5.3.1, = 1.6.0.2, = 1.6.0.3, = 1.5.6.3, = 1.5.5.4, = 1.5.4.3, = 1.4.4.1, = 1.5.2.3, = 1.5.6.4, = 1.5.1.3, = 1.5.3.8, = 1.5.5.1, = 1.4.3.3, = 1.5.3, = 1.6.0, = 1.5.4.1, = 1.5.2.1, = 1.5.3.3, = 1.5.5.3, = 1.5.4.2, = 1.4.4, = 1.5.0.4, = 1.5.1.1, = 1.5.1.2, = 1.5.2.2, = 1.5.3.5, = 1.6.0.5, = 1.5.4.4, = 1.4.3.1, = 1.4.4.3, = 1.5.0.6, = 1.5.2.4, = 1.5.4.6, = 1.4.3.2, = 1.4.4.4, = 1.5.1.5, = 1.6.0.1, = 1.5.6, = 1.5.5.2, = 1.5.0.1, = 1.5.0.2, = 1.5.2, = 1.5.6.2, = 1.5.3.4, = 1.5.3.6, = 1.6.0.4, = 1.5.5.5, = 1.5.4.5, = 1.4.4.2, = 1.5.0.5, = 1.5.3.7, = 1.5.1.6, = 1.5.6.1, = 1.4.3.4, = 1.4.3.5, = 1.5.1, = 1.5.3.24.6 MEDIUM

gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other versions after 1.4.3 allows local repository owners to execute arbitrary commands by modifying the diff.external configuration variable and executing a crafted gitweb query.

= 0.99.9j, = 0.99.9k, = 0.99.9l, = 0.99.9m, = 0.99.9n, = 1.0.0, = 1.0.0b, = 1.0.3, = 1.0.4, = 1.0.5, = 1.0.6, = 1.0.7, = 1.0.8, = 1.1.1, = 1.1.2, = 1.1.3, = 1.1.4, = 1.1.5, = 1.1.6, = 1.2.0, = 1.2.1, = 1.2.2, = 1.2.3, = 1.2.4, = 1.2.5, = 1.2.6, = 1.3.0, = 1.3.1, = 1.3.2, = 1.3.3, = 1.4.0, = 1.4.1, = 1.4.1.1, = 1.4.2, = 1.4.2.1, = 1.4.2.2, = 1.4.2.3, = 1.4.2.4, = 1.4.3, = 1.4.3.1, = 1.4.3.2, = 1.4.3.3, = 1.4.3.4, = 1.4.3.5, = 1.4.4, = 1.4.4.1, = 1.4.4.2, = 1.4.4.3, = 1.4.4.4, = 1.5.0, = 1.5.0.1, = 1.5.0.2, = 1.5.0.3, = 1.5.0.4, = 1.5.0.5, = 1.5.0.6, = 1.5.0.7, = 1.5.1, = 1.5.1.1, = 1.5.1.2, = 1.5.1.3, = 1.5.1.4, = 1.5.1.5, = 1.5.1.6, = 1.5.2, = 1.5.2.1, = 1.5.2.2, = 1.5.2.3, = 1.5.2.4, = 1.5.2.5, = 1.5.3, = 1.5.3.1, = 1.5.3.2, = 1.5.3.3, = 1.5.3.4, = 1.5.3.5, = 1.5.3.6, = 1.5.3.7, = 1.5.3.8, = 1.5.4, = 1.5.4.1, = 1.5.4.2, = 1.5.4.3, = 1.5.4.4, = 1.5.4.5, = 1.5.4.6, = 1.5.4.7, = 1.5.5, = 1.5.5.1, = 1.5.5.2, = 1.5.5.3, = 1.5.5.4, = 1.5.5.5, = 1.5.5.6, = 1.5.6.1, = 1.5.6.2, = 1.5.6.3, = 1.5.6.4, = 0.6.0, = 0.7.07.5 HIGH

The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.

= 1.5.4, = 1.5.0.7, = 1.5.0, = 1.5.0.3, = 1.5.2.5, = 1.5.1.4, = 1.5.3.1, = 1.5.4.1, = 1.5.1.5, = 1.5.3.8, = 1.5.3, = 1.5.0.1, = 1.5.0.2, = 1.5.3.3, = 1.5.4.6, = 1.5.4.7, = 1.5.2.1, = 1.5.2.2, = 1.5.3.5, = 1.5.1.3, = 1.5.2.3, = 1.5.4.3, = 1.5.0.4, = 1.5.4.4, = 1.5.4.5, = 1.5.1.6, = 1.5.2, = 1.5.3.2, = 1.5.1, = 1.5.1.1, = 1.5.3.4, = 1.5.0.5, = 1.5.0.6, = 1.5.1.2, = 1.5.2.4, = 1.5.3.6, = 1.5.3.7, = 1.5.4.27.5 HIGH

The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

= 1.5.5.3, = 1.5.5.4, = 1.5.6.1, = 1.5.6.2, = 1.5.6.37.5 HIGH

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

= 1.0.3, = 1.0.0b, = 1.1.3, = 1.0.4, = 1.1.2, = 1.0.5, = 1.0.8, = 1.0.6, = 1.0.7, = 1.1.4, = 1.0.0, = 1.1.0, = 1.1.17.5 HIGH

Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.