CVE-2024-51990

Vulnerability Description

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.

Related Weaknesses (CWE)

CWE-22

References

https://github.com/martinvonz/jj/security/advisories/GHSA-88h5-6w7m-5w56

FAQ

What is CVE-2024-51990?

CVE-2024-51990 is a documented vulnerability. jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in versi...

How severe is CVE-2024-51990?

CVSS scoring is not yet available for CVE-2024-51990. Check NVD for updates.

Is there a patch for CVE-2024-51990?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.