155 matches found

Vulnrichment
added 2025/04/04 2:41 p.m., 10 views

CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...

CVSS 6.8, AI score 7.1, EPSS 0.0002
Exploits: 0, References: 2
CNNVD
added 2025/04/04 12:00 a.m., 1 view

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.42.0, which stems from a lack of collision detection in the SHA-1 hash implementation and could lead to a hash collision attack...

CVSS 6.8, AI score 6.3, EPSS 0.0002
Exploits: 0, References: 2
OSV
added 2025/04/03 12:00 p.m., 7 views

RUSTSEC-2025-0021 SHA-1 collision attacks are not detected

Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...

CVSS 6.8, AI score 7, EPSS 0.0002
Exploits: 0, References: 5
Tenable Nessus
added 2025/02/10 12:00 a.m., 3 views

Azure Linux 3.0 Security Update: rust (CVE-2024-32884)

The version of rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...

CVSS 6.4, AI score 6.8, EPSS 0.00087
Exploits: 0, References: 2
RedhatCVE
added 2025/02/04 10:17 p.m., 3 views

CVE-2024-35186

gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...

CVSS 8.8, AI score 7.3, EPSS 0.00364
Exploits: 0, References: 1
SUSE CVE
added 2025/01/21 3:47 a.m., 1 view

SUSE CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, AI score 6.8, EPSS 0.00684
Exploits: 0, References: 4
NVD
added 2025/01/20 4:15 p.m., 12 views

CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, EPSS 0.00684
Exploits: 0, References: 1
Vulnrichment
added 2025/01/20 3:38 p.m., 10 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, AI score 6.6, EPSS 0.00684
Exploits: 0, References: 1
Debian CVE
added 2025/01/20 3:38 p.m., 10 views

CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, AI score 5.2, EPSS 0.00684
Exploits: 0
CVE
added 2025/01/20 3:38 p.m., 305 views

CVE-2025-22620

Summary: CVE-2025-22620 affects gitoxide’s gix-worktree-state, where one checkout strategy can apply 0777 permissions to executable files in Unix-like systems, bypassing the umask and potentially making files world-writable. This occurs in the checkout logic depending on destination_is_initially_...

CVSS 5, AI score 5, EPSS 0.00684
Exploits: 0, References: 1
Cvelist
added 2025/01/20 3:38 p.m., 19 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, EPSS 0.00684
Exploits: 0, References: 1
OSV
added 2025/01/20 3:38 p.m., 9 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5, AI score 6.4, EPSS 0.00684
Exploits: 0, References: 3
CNNVD
added 2025/01/20 12:00 a.m., 2 views

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.17.0, which stems from the fact that files in the repository are globally writable under certain circumstances...

CVSS 5, AI score 6.3, EPSS 0.00684
Exploits: 0, References: 2
Positive Technologies
added 2025/01/18 12:00 a.m., 3 views

PT-2025-4606 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.17.0 Description: The issue arises from the gix-worktree-state specifying 0777 permissions when checking out executable files. This is intended to be restricted by the umask, but one of the strategies used to set...

CVSS 6.8, AI score 6.2, EPSS 0.00684
Exploits: 0, References: 20
OSV
added 2024/10/23 12:00 a.m., 3 views

OPENSUSE-SU-2024:14424-1 gitoxide-0.38.0-1.1 on GA media

These are all security issues fixed in the gitoxide-0.38.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.5, EPSS 0.00056
Exploits: 0, References: 1
NVD
added 2024/09/06 1:15 p.m., 12 views

CVE-2024-45405

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, EPSS 0.00072
Exploits: 0, References: 3
OSV
added 2024/09/06 1:15 p.m., 1 view

DEBIAN-CVE-2024-45405

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, AI score 5.6, EPSS 0.00072
Exploits: 0, References: 1
Debian CVE
added 2024/09/06 1:10 p.m., 11 views

CVE-2024-45405

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, AI score 5.6, EPSS 0.00072
Exploits: 0
CVE
added 2024/09/06 1:10 p.m., 286 views

CVE-2024-45405

Technical details about CVE-2024-45405 are not provided in the connected documents. Public details in the initial entry describe the issue and patch, but no additional technical specifics are available here. Monitor for updates.

CVSS 6, AI score 6.3, EPSS 0.00072
Exploits: 0, References: 3
Vulnrichment
added 2024/09/06 1:10 p.m., 15 views

CVE-2024-45405 gix-path improperly resolves configuration path reported by Git

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, AI score 7.1, EPSS 0.00072
Exploits: 0, References: 3