159 matches found
CVE-2024-35197
CVE-2024-35197 affects the gitoxide project (gitoxide-core) and related advisories, describing a Windows-specific issue where fetching refs or checking out paths that collide with legacy device names can cause reads from devices or writes to devices. This can lead to indefinite blocking or the pr...
CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVE-2024-35197 gix refs and paths with reserved Windows device names access the devices
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
DEBIAN-CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
UBUNTU-CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186
gitoxide, a pure Rust Git implementation, has a vulnerability in gix-worktree-state where checkout ignores that paths must reside in the working tree. A specially crafted repository can cause new files to be created anywhere writable by the application during clone, impacting confidentiality, int...
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
CVE-2024-35186 gix traversal outside working tree enables arbitrary code execution
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
SUSE CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
SUSE CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
gitoxide security vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide prior to version 0.36.0, which can be exploited to write arbitrary data to a device by obtaining a reference that conflicts with an old device name...
gitoxide security vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide prior to version 0.36.0, which can be exploited to execute arbitrary code by traversing the outside of the working tree...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2024-35197 via gitoxide-core (>=0.10.5 <=0.1.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2024-35197 Source advisory: OSV:GHSA-49JC-R788-3FC9...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2024-35186 via gitoxide-core (>=0.10.5 <=0.1.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2024-35186 Source advisory: OSV:GHSA-7W47-3WG8-547C...
GHSA-7W47-3WG8-547C gix traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
CVE-2024-35197
| creationtimestamp | type | source |
|---|---|---|
| 2024-05-22 13:40:52+00:00 | published-proof-of-concept | https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-49jc-r788-3fc9... |
CVE-2024-35186
| creationtimestamp | type | source |
|---|---|---|
| 2024-05-22 13:08:49+00:00 | published-proof-of-concept | https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-7w47-3wg8-547c... |