[Bug 1225023] New: VUL-0: CVE-2024-35186: gitoxide: traversal outside working tree enables arbitrary code execution
https://bugzilla.suse.com/show_bug.cgi?id=1225023

            Bug ID: 1225023
           Summary: VUL-0: CVE-2024-35186: gitoxide: traversal outside working tree enables arbitrary code execution
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.6
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: camila.matos@suse.com
        QA Contact: security-team@suse.de
  Target Milestone: ---
          Found By: ---
           Blocker: ---

During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application.

References:
https://github.com/Byron/gitoxide/security/advisories/GHSA-7w47-3wg8-547c
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35186

--
You are receiving this mail because:
You are on the CC list for the bug.
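The missing check described in the report above, sketched as an added example; this is not gitoxide's code or its actual fix. The names checkout_target and PathError, the /tmp/wt working tree and the sample entry names are assumptions made for illustration.

```rust
use std::path::{Path, PathBuf};

/// Reasons a repository-supplied entry path is refused (hypothetical names).
#[derive(Debug, PartialEq)]
pub enum PathError {
    Empty,
    Absolute,
    EmptyComponent,
    Traversal,
    ForeignSeparator,
}

/// Map a tree entry path ('/'-separated, relative to the repository root) to a
/// location under `worktree`, refusing anything that could resolve outside it.
/// The check is purely lexical: it does not detect a symlink that already
/// exists inside the working tree and points elsewhere.
pub fn checkout_target(worktree: &Path, entry: &str) -> Result<PathBuf, PathError> {
    if entry.is_empty() {
        return Err(PathError::Empty);
    }
    if entry.starts_with('/') {
        return Err(PathError::Absolute);
    }
    // Conservative choice: '\' and ':' can act as separator or drive prefix on
    // Windows, so refuse them everywhere (this also rejects some valid Unix names).
    if entry.contains('\\') || entry.contains(':') {
        return Err(PathError::ForeignSeparator);
    }
    let mut target = worktree.to_path_buf();
    for part in entry.split('/') {
        match part {
            "" => return Err(PathError::EmptyComponent), // "a//b" or trailing '/'
            "." | ".." => return Err(PathError::Traversal), // would leave or alias the tree
            name => target.push(name),
        }
    }
    Ok(target)
}

fn main() {
    // Constructed entry names, as a crafted tree might list them.
    let wt = Path::new("/tmp/wt");
    for e in ["src/lib.rs", "../outside", "/abs/file", "a/../../b", "C:\\x"] {
        println!("{:?} -> {:?}", e, checkout_target(wt, e));
    }
}
```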
https://bugzilla.suse.com/show_bug.cgi?id=1225023

Camila Camargo de Matos <camila.matos@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://smash.suse.de/issue/407401/
https://bugzilla.suse.com/show_bug.cgi?id=1225023

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
https://bugzilla.suse.com/show_bug.cgi?id=1225023

Camila Camargo de Matos <camila.matos@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED