ANT-2026-6SNS6KMP · GitoxideLabs/gitoxide · Remote Code Execution

rce high GHSA-f26g-jm89-4g65 Severity Claude high · Security research firm - · Maintainer high Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-6SNS6KMP: RCE when updating a Git submodule of a malicious repository Updating a G...

CVE-2024-45405

gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVE-2024-45405 gix-path improperly resolves configuration path reported by Git

gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVE-2024-45305 gix-path uses local config across repos when it is the highest scope

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVE-2024-45305 gix-path uses local config across repos when it is the highest scope

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVE-2024-45305

The CVE-2024-45305 issue affects the gitoxide project’s gix-path component, where installation_config and installation_config_prefix parse Git’s config using git config -l --show-origin and then take the first line to determine the installation-scoped file. This can cause a local repository’s con...

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...

PT-2023-36087 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide project affected versions not specified Description: The gitoxide project has undergone a renaming of all crates from git- to gix-, with the git- prefixed crates no longer being updated. Recommendations: To continue receiving updates...