RUSTSEC-2024-0349 Traversal outside working tree enables arbitrary code execution
Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...
RUSTSEC-2024-0348 Traversal outside working tree enables arbitrary code execution
Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...
RUSTSEC-2024-0350 Traversal outside working tree enables arbitrary code execution
Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...
PT-2024-4191 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide (affected versions not specified). Description: The issue is related to how gitoxide handles legacy device names on Windows. When fetching refs or checking out paths that clash with these names, it can read from or write to devices,...
SUSE CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-32884
The CVE-2024-32884 issue affects gitoxide’s gix-transport component. A crafted clone URL can bypass checking the username portion of the URL, allowing characters that the external SSH program would interpret as options, which can smuggle SSH options and, in a malicious context (e.g., with a malic...
CVE-2024-32884 gix-transport indirect code execution via malicious username
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
gitoxide security vulnerability
gitoxide is a git implementation written in Rust by Sebastian Thiel, a solo developer. A security vulnerability exists in gitoxide because gix-transport does not check the username of the URL...
CVE-2024-32884
creationtimestamp | type | source
---|---|---
2024-04-13 13:04:03+00:00 | published-proof-of-concept | https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-98p4-xjmm-8mfh...
RUSTSEC-2024-0335 gix-transport indirect code execution via malicious username
Summary: gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...
PT-2024-5164 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.35.0; gitoxide versions prior to 0.42.0; gitoxide versions prior to 0.62.0. Description: The issue is related to the gix-transport component of gitoxide, which does not properly check the username part of a URL for...
RUSTSEC-2023-0026 Gitoxide has renamed its crates.
All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...
Gitoxide has renamed its crates.
All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...
RUSTSEC-2023-0025 Gitoxide has renamed its crates.
All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-hash to continue receiving updates...
Gitoxide has renamed its crates.
All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-hash to continue receiving updates...
PT-2023-36087 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide project (affected versions not specified). Description: The gitoxide project has undergone a renaming of all crates from git- to gix-, with the git- prefixed crates no longer being updated. Recommendations: To continue receiving updates...