exploitDog

CVE-2024-51990

Опубликовано: 07 нояб. 2024

Источник: nvd

EPSS Низкий

Описание

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.

Ссылки

https://github.com/martinvonz/jj/security/advisories/GHSA-88h5-6w7m-5w56

EPSS

Процентиль: 32%

0.00127

Низкий

Дефекты

CWE-22

Связанные уязвимости

GHSA-88h5-6w7m-5w56

CVSS3: 7.5

github

больше 1 года назад

jj vulnerable to path traversal via crafted Git repositories

EPSS

Процентиль: 32%

0.00127

Низкий

Дефекты

CWE-22