VYPR

rpm package

opensuse/gitoxide&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gitoxide&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2025-31130, Med, Apr 4, 2025
    affected < 0.42.0-1.1, fixed 0.42.0-1.1

    gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 withou

  • CVE-2025-22620, Med, Jan 20, 2025
    affected < 0.42.0-1.1, fixed 0.42.0-1.1

    gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject

  • CVE-2024-35186, Hig, May 23, 2024
    affected < 0.36.0-1.1, fixed 0.36.0-1.1

    gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads

  • CVE-2024-32650, Hig, Apr 19, 2024
    affected < 0.38.0-1.1, fixed 0.38.0-1.1

    Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a `close_notify` message immediately after `client_hello`, the server's `complete