CVE-2024-43785

CVSS 3.1 Score 2.5 of 10 (low)

Details

Published Aug 22, 2024
CWE ID 150

Summary

CVE-2024-43785 is a vulnerability affecting the gitoxide project, specifically within its core implementation that handles Git functionalities. The issue arises from the failure to neutralize certain control characters such as newlines and ANSI escape sequences that may appear in paths, author names, commit messages, and other metadata. This could enable an attacker using an untrusted repository to manipulate perceived contents and error messages. To remediate this vulnerability, users should update to the latest secure version of gitoxide provided in the relevant advisories. Although classified with a low severity score of 2.5 on the CVSS scale, it requires user interaction and has local attack vectors, making it potentially exploitable under specific conditions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share