Description
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 0.12.1-1 |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | not-affected | 0.12.1-1 |
| questing | not-affected | 0.12.1-1 |
| upstream | released | 0.11.3-1 |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 0.37.0-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | ignored | end of life, was needs-triage |
| plucky | not-affected | 0.37.0-1 |
| questing | not-affected | 0.37.0-1 |
| upstream | released | 0.33.1-1 |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 0.38.0-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | ignored | end of life, was needs-triage |
| plucky | not-affected | 0.38.0-1 |
| questing | not-affected | 0.38.0-1 |
| upstream | released | 0.34.1-1 |
EPSS
CVSS3: 8.8 High
Related vulnerabilities
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.
gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...
gix traversal outside working tree enables arbitrary code execution
A vulnerability in gitoxide, a Rust library for working with Git repositories, related to errors in handling a relative directory path, which allows an attacker to execute arbitrary code