Lucene search
K

25 matches found

CVE
CVE
added 2025/01/20 3:38 p.m.313 views

CVE-2025-22620

Summary: CVE-2025-22620 affects gitoxide’s gix-worktree-state, where one checkout strategy can apply 0777 permissions to executable files in Unix-like systems, bypassing the umask and potentially making files world-writable. This occurs in the checkout logic depending on destination_is_initially_...

5CVSS5AI score0.00361EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.5 views

PT-2025-4606 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.17.0 Description: The issue arises from the gix-worktree-state specifying 0777 permissions when checking out executable files. This is intended to be restricted by the umask, but one of the strategies used to set...

6.8CVSS6.2AI score0.00361EPSS
Exploits0References20
OSV
OSV
added 2024/05/23 8:55 a.m.5 views

CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

8.8CVSS8.4AI score0.00816EPSS
Exploits0References3
CVE
CVE
added 2024/05/23 8:55 a.m.311 views

CVE-2024-35186

gitoxide, a pure Rust Git implementation, has a vulnerability in gix-worktree-state where checkout ignores that paths must reside in the working tree. A specially crafted repository can cause new files to be created anywhere writable by the application during clone, impacting confidentiality, int...

8.8CVSS8.7AI score0.00816EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/13 12:0 a.m.4 views

PT-2024-5164 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.35.0 gitoxide versions prior to 0.42.0 gitoxide versions prior to 0.62.0 Description: The issue is related to the gix-transport component of gitoxide, which does not properly check the username part of a URL for...

6.4CVSS6.8AI score0.00514EPSS
Exploits0References14
Rows per page
Query Builder