158 matches found

OSV
added 2024/08/22 12:0 p.m. | 11 views

RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

2.5 CVSS | 4.8 AI score | 0.00024 EPSS
Exploits 0 | References 6

CNNVD
added 2024/08/22 12:0 a.m. | 1 view

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide that originated from not eliminating line breaks, backspaces, or control characters that appear in repository paths, author and committer names, commit message...

2.5 CVSS | 6.4 AI score | 0.00024 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/08/22 12:0 a.m. | 3 views

PT-2024-30655 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometim...

2.5 CVSS | 7 AI score | 0.00024 EPSS
Exploits 0 | References 13

Tenable Nessus
added 2024/08/19 12:0 a.m. | 13 views

CBL Mariner 2.0 Security Update: rust (CVE-2024-32884)

The version of rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...

6.4 CVSS | 6.8 AI score | 0.00087 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2024/07/25 12:0 a.m. | 0 views

The vulnerability of the Rust library for working with Git repositories like gitoxide arises from incorrect elimination of special elements in the output data. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted URL address...

6.4 CVSS | 0.00087 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2024/07/18 5:15 p.m. | 22 views

CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 0.00028 EPSS
Exploits 0 | References 3

CVE
added 2024/07/18 4:56 p.m. | 46 views

CVE-2024-40644

The CVE-2024-40644 issue affects gitoxide’s gix-path on Windows. Affected code path allows a limited user to place a malicious git.exe in hard-coded fallback locations (C:/Program Files/Git/mingw64/bin or C:/Program Files (x86)/Git/mingw32/bin). gix-path’s env logic may directly execute that git....

6.8 CVSS | 7 AI score | 0.00028 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/07/18 4:56 p.m. | 26 views

CVE-2024-40644 gitoxide's gix-path can use a fake program files location

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 7 AI score | 0.00028 EPSS
Exploits 0 | References 3

OSV
added 2024/07/18 4:56 p.m. | 20 views

CVE-2024-40644 gitoxide's gix-path can use a fake program files location

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 7.2 AI score | 0.00028 EPSS
Exploits 0 | References 5

Debian CVE
added 2024/07/18 4:56 p.m. | 20 views

CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits 0

Cvelist
added 2024/07/18 4:56 p.m. | 28 views

CVE-2024-40644 gitoxide's gix-path can use a fake program files location

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 0.00028 EPSS
Exploits 0 | References 3

Github Security Blog
added 2024/07/18 3:26 p.m. | 40 views

gix-path can use a fake program files location

Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...

7.8 CVSS | 8 AI score | 0.00168 EPSS
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2024/07/18 12:0 a.m. | 2 views

PT-2024-28962 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: gitoxide versions 0.10.8 Description: The issue arises from gix-path being tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts to create new...

8.6 CVSS | 7.1 AI score | 0.00028 EPSS
Exploits 0 | References 15

BDU FSTEC
added 2024/06/19 12:0 a.m. | 0 views

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to shortcomings in the path name checking process for Windows. This allows an attacker to trigger a denial-of-service attack.

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to shortcomings in the path name checking process for Windows. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.4 CVSS | 0.00048 EPSS
Exploits 0 | References 2 | Affected Software 8

OSV
added 2024/06/15 12:0 a.m. | 8 views

OPENSUSE-SU-2024:13987-1 gitoxide-0.36.0-1.1 on GA media

These are all security issues fixed in the gitoxide-0.36.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.8 CVSS | 8.8 AI score | 0.00364 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2024/06/05 12:0 a.m. | 0 views

The vulnerability of the Rust library for working with Git repositories like gitoxide arises from errors in relative path handling for directories. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Rust library for working with Git repositories like gitoxide is related to errors in handling the relative path to the directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS | 0.00364 EPSS
Exploits 0 | References 2 | Affected Software 7

NVD
added 2024/05/23 1:15 p.m. | 12 views

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4 CVSS | 5.5 AI score | 0.00048 EPSS
Exploits 0 | References 1

Cvelist
added 2024/05/23 12:9 p.m. | 12 views

CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4 CVSS | 5.5 AI score | 0.00048 EPSS
Exploits 0 | References 1

OSV
added 2024/05/23 12:9 p.m. | 7 views

CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4 CVSS | 6.8 AI score | 0.00048 EPSS
Exploits 0 | References 3

Debian CVE
added 2024/05/23 12:9 p.m. | 7 views

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...

5.4 CVSS | 6.4 AI score | 0.00048 EPSS
Exploits 0