CVE-2024-43785
CVSS V2 None
CVSS V3 None
Description
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.
Overview
- CVE ID
- CVE-2024-43785
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-22T14:19:31.070Z
- Last Modified Date
- 2024-08-22T21:45:40.662Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Byron/gitoxide/security/advisories/GHSA-88g2-r9rw-g55h | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43785 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43785 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-23 13:08:23 | Added to TrackCVE |