CVE-2025-22620
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...
CVE-2024-43785
gitoxide: An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...
CVE-2024-32884
gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...
CVE-2024-35197
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the...
CVE-2024-40644
gitoxide: An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...
gitoxide-0.42.0-1.1 on GA media (moderate)
gitoxide-0.42.0-1.1 on GA media. Announcement ID: openSUSE-SU-2025:14994-1. Rating: moderate. Cross-References: CVE-2025-22620, CVE-2025-31130. Affected Products: openSUSE Tumbleweed. An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2025:14994-1 gitoxide-0.42.0-1.1 on GA media
These are all security issues fixed in the gitoxide-0.42.0-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
GHSA-794X-2RPG-RFGR Jujutsu does not have SHA-1 collision detection
Summary Jujutsu 0.28.0 and earlier rely on versions of gitoxide that use SHA-1 hash implementations without any collision detection, leaving them vulnerable to hash collision attacks. Details This is a result of the underlying CVE-2025-31130 / GHSA-2frx-2596-x5r6 vulnerability in the gitoxide...
CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2025-31130 via gitoxide-core (>=0.10.5 <=0.3.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2025-31130 Source advisory: OSV:GHSA-2FRX-2596-X5R6...
GHSA-2FRX-2596-X5R6 gitoxide does not detect SHA-1 collision attacks
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
gitoxide does not detect SHA-1 collision attacks
Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...
DEBIAN-CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
UBUNTU-CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
CVE-2025-31130
gitoxide (Rust) before version 0.42.0 used SHA-1 implementations (sha1_smol/sha1) without collision detection, risking broken Git object integrity if two distinct objects shared a SHA-1 hash. The CVE-2025-31130 vulnerability is fixed in 0.42.0. Affected users should upgrade to 0.42.0 or later to ...