155 matches found
CVE-2024-45405
Technical details about CVE-2024-45405 are not provided in the connected documents. Public details in the initial entry describe the issue and patch, but no additional technical specifics are available here. Monitor for updates.
gitoxide 安全漏洞
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability in gitoxide gix-path prior to version 0.10.11, which stems from incorrectly parsing paths containing special or non-ASCII characters, could allow a local attacker to inject...
CVE-2024-45305
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
UBUNTU-CVE-2024-45305
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
CVE-2024-45305 gix-path uses local config across repos when it is the highest scope
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
CVE-2024-45305
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
CVE-2024-45305
The CVE-2024-45305 issue affects the gitoxide project’s gix-path component, where installation_config and installation_config_prefix parse Git’s config using git config -l --show-origin and then take the first line to determine the installation-scoped file. This can cause a local repository’s con...
CVE-2024-45305 gix-path uses local config across repos when it is the highest scope
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
CVE-2024-45305 gix-path uses local config across repos when it is the highest scope
gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...
gitoxide 安全漏洞
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.10.10. An attacker can exploit this vulnerability to obtain sensitive information...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2024-43785 via gitoxide-core (>=0.10.5 <=0.3.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2024-43785 Source advisory: OSV:GHSA-88G2-R9RW-G55H...
gitoxide-core does not neutralize special characters for terminals
Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...
GHSA-88G2-R9RW-G55H gitoxide-core does not neutralize special characters for terminals
Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...
CVE-2024-43785
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...
CVE-2024-43785
CVE-2024-43785 involves gitoxide-core (and its gix/ein commands) not neutralizing special characters in terminal output. The root cause is that newlines, backspaces, and control characters—including ANSI escape sequences—are not sanitized in repository metadata (paths, author/committer names, com...
CVE-2024-43785 gitoxide-core does not neutralize special characters for terminals
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...
CVE-2024-43785 gitoxide-core does not neutralize special characters for terminals
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...
CVE-2024-43785 gitoxide-core does not neutralize special characters for terminals
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a...
gitoxide-core does not neutralize special characters for terminals
Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...
gitoxide (>=0.1.0 <=0.15.0) potentially affected by CVE-2024-43785 via gitoxide-core (>=0.10.5 <=0.9.0)
gitoxide-core CARGO version =0.10.5, =0.1.0, =0.15.0 Source cves: CVE-2024-43785 Source advisory: OSV:RUSTSEC-2024-0364...