10 matches found
JLSEC-2025-2 Command injection in `withpasswd()` function in Registrator.jl
Impact: If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, a shell script injection can occur within the withpasswd function. This can then lead to a potential RCE. Patches: Users should upgrade immediately to v1.9.5. All prior versions are vulnerabl...
CVE-2023-53158
A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...
SUSE CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
AZL-40264 CVE-2024-32884 affecting package rust for versions less than 1.72.0-8
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884
The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
gix-transport indirect code execution via malicious username
Summary: gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...
Improper Validation
code.gitea.io/gitea is vulnerable to Improper Validation. The vulnerability exists because Migration Downloaders can change the CloneURL which is improperly validated, allowing an attacker to redirect users to a malicious clone URL...
PT-2023-4724
Name of the Vulnerable Software and Affected Versions: GitPython versions prior to 3.1.32. Description: The issue is related to errors in processing input data in the GitPython library, which can allow a remote attacker to execute arbitrary code by injecting a specially crafted URL into the clone...