CVE-2024-43785 — LOW (2.5) — White Hats Nepal

Vulnerability Description

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.

CVSS Score

2.5

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-150

References

https://github.com/Byron/gitoxide/security/advisories/GHSA-88g2-r9rw-g55h

FAQ

What is CVE-2024-43785?

CVE-2024-43785 is a vulnerability with a CVSS score of 2.5 (LOW). gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspa...

How severe is CVE-2024-43785?

CVE-2024-43785 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-43785?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.