Lucene search
+L

162 matches found

nessus
nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : cargo-c (ALAS2023-2026-1872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1872 advisory. gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled...

9.1CVSS7.1AI score0.00466EPSS
Exploits1References8
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.10 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.4AI score0.00248EPSS
Exploits1References1
mscve
mscve
added 2026/05/31 8:4 a.m.7 views

gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

...

8.5CVSS5.3AI score0.00351EPSS
Exploits0
nessus
nessus
added 2026/05/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-40034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/26 2:8 p.m.10 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/26 2:8 p.m.44 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS0.00351EPSS
Exploits0References5
cve
cve
added 2026/05/26 2:8 p.m.47 views

CVE-2026-40034

CVE-2026-40034 affects gix-submodule (gitoxide) prior to 0.82.0. The vulnerability arises because update in .gitmodules is not properly validated, allowing an attacker who has initialized a submodule with partial configuration in .git/config to bypass the CommandForbiddenInModulesConfiguration gu...

8.5CVSS6.2AI score0.00351EPSS
Exploits0References5
osv
osv
added 2026/05/26 2:8 p.m.2 views

CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule

gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...

8.5CVSS6.3AI score0.00351EPSS
Exploits0References7
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.12 views

gitoxide 安全漏洞

GitOxide is a Git implementation written in Rust by Sebastian Thiel. Versions of GitOxide prior to 0.82.0 contained a security vulnerability, which stemmed from improper validation of the update field in.gitmodules. This vulnerability could allow attackers to bypass the...

8.5CVSS6AI score0.00351EPSS
Exploits0References5
nessus
nessus
added 2026/05/14 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit...

7.8CVSS5.5AI score0.00248EPSS
Exploits1References3
nvd
nvd
added 2026/05/13 10:16 p.m.23 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS0.00248EPSS
Exploits1References1
osv
osv
added 2026/05/13 10:16 p.m.8 views

DEBIAN-CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/05/13 10:16 p.m.9 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References2
osv
osv
added 2026/05/13 10:16 p.m.6 views

UBUNTU-CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/05/13 9:36 p.m.8 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/05/13 9:36 p.m.72 views

CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS0.00248EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/13 9:36 p.m.9 views

CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References1
debiancve
debiancve
added 2026/05/13 9:36 p.m.7 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS5.8AI score0.00248EPSS
Exploits1
cve
cve
added 2026/05/13 9:36 p.m.31 views

CVE-2026-44471

CVE-2026-44471 affects gitoxide prior to 0.21.1. A crafted tree can cause symlink prefix reuse during checkout, allowing an attacker-controlled symlink to be created into any writable directory via the worktree checkout flow. The vulnerability arises because certain cache/prefix handling in gix_f...

7.8CVSS5.8AI score0.00248EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/05/13 9:36 p.m.2 views

CVE-2026-44471 gitoxide: Symlink prefix-reuse allows worktree escape during checkout

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS6AI score0.00248EPSS
Exploits1References3
Rows per page
Query Builder