CVE-2024-43785

low

Description

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.

References

https://github.com/Byron/gitoxide/security/advisories/GHSA-88g2-r9rw-g55h

Details

Source: Mitre, NVD

Published: 2024-08-22

Updated: 2024-08-23

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 2.5

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N