The host is missing a security update according to Apple advisory, APPLE-SA-2014-12-18-1. The update is required to fix an arbitrary command execution vulnerability. A flaw is present in the application, which fails to handle a commit containing a malicious tree. Successful exploitation could allow attackers to write the contents of any file in .git/, including modifying or creating executable files in .git/hooks/.