gitoxide does not detect SHA-1 collision attacks
Summary: gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details: gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
CVE-2025-31130
gitoxide (Rust) before version 0.42.0 used SHA-1 implementations (sha1_smol/sha1) without collision detection, risking broken Git object integrity if two distinct objects shared a SHA-1 hash. The CVE-2025-31130 vulnerability is fixed in 0.42.0. Affected users should upgrade to 0.42.0 or later to ...