rpm package
opensuse/gitoxide&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gitoxide&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-31130 | Med | 6.8 | < 0.42.0-1.1 | 0.42.0-1.1 | Apr 4, 2025 | gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 withou | |
| CVE-2025-22620 | Med | 5.0 | < 0.42.0-1.1 | 0.42.0-1.1 | Jan 20, 2025 | gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject | |
| CVE-2024-35186 | Hig | 8.8 | < 0.36.0-1.1 | 0.36.0-1.1 | May 23, 2024 | gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads | |
| CVE-2024-32650 | Hig | 7.5 | < 0.38.0-1.1 | 0.38.0-1.1 | Apr 19, 2024 | Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete |
- affected < 0.42.0-1.1fixed 0.42.0-1.1
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 withou
- affected < 0.42.0-1.1fixed 0.42.0-1.1
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject
- affected < 0.36.0-1.1fixed 0.36.0-1.1
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads
- affected < 0.38.0-1.1fixed 0.38.0-1.1
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete