11 matches found
Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884 vulnerabilities
Vulnerabilities for packages: cargo-audit...
CVE-2024-32884 vulnerabilities
Vulnerabilities for packages: cargo-audit...
Azure Linux 3.0 Security Update: rust (CVE-2024-32884)
The version of rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...
CBL Mariner 2.0 Security Update: rust (CVE-2024-32884)
The version of rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...
CVE-2024-32884 affecting package rust for versions less than 1.72.0-8
CVE-2024-32884 affecting package rust for versions less than 1.72.0-8. A patched version of the package is available...
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9. A patched version of the package is available...
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9. A patched version of the package is available...
AZL-40264 CVE-2024-32884 affecting package rust for versions less than 1.72.0-8
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884
creationtimestamp| type| source ---|---|--- 2024-04-13 13:04:03+00:00| published-proof-of-concept| https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh...