https://bugzilla.suse.com/show_bug.cgi?id=1225023 Bug ID: 1225023 Summary: VUL-0: CVE-2024-35186: gitoxide: traversal outside working tree enables arbitrary code execution Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: camila.matos@suse.com QA Contact: security-team@suse.de Target Milestone: --- Found By: --- Blocker: --- During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. References: https://github.com/Byron/gitoxide/security/advisories/GHSA-7w47-3wg8-547c https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35186 -- You are receiving this mail because: You are on the CC list for the bug.