5 matches found
CVE-2024-35186 vulnerabilities
Vulnerabilities for packages: cargo-audit...
DEBIAN-CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2024-35186 via gitoxide-core (>=0.10.5 <=0.1.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2024-35186 Source advisory: OSV:GHSA-7W47-3WG8-547C...