25 matches found
CVE-2025-22620
Summary: CVE-2025-22620 affects gitoxide’s gix-worktree-state, where one checkout strategy can apply 0777 permissions to executable files in Unix-like systems, bypassing the umask and potentially making files world-writable. This occurs in the checkout logic depending on destination_is_initially_...
PT-2025-4606 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.17.0 Description: The issue arises from the gix-worktree-state specifying 0777 permissions when checking out executable files. This is intended to be restricted by the umask, but one of the strategies used to set...
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186
gitoxide, a pure Rust Git implementation, has a vulnerability in gix-worktree-state where checkout ignores that paths must reside in the working tree. A specially crafted repository can cause new files to be created anywhere writable by the application during clone, impacting confidentiality, int...
PT-2024-5164 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.35.0 gitoxide versions prior to 0.42.0 gitoxide versions prior to 0.62.0 Description: The issue is related to the gix-transport component of gitoxide, which does not properly check the username part of a URL for...