CVE-2024-43785— gitoxide-core does not neutralize special characters for terminals
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-43785
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
gitoxide-core does not neutralize special characters for terminals
Source: NVD (National Vulnerability Database)
Vulnerability Description
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
转义、元或控制序列转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
gitoxide 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
gitoxide是Sebastian Thiel个人开发者的一个用 Rust 编写的 git 实现。 gitoxide存在安全漏洞,该漏洞源于不会消除出现在存储库路径、作者和提交者姓名、提交消息或其他元数据中的换行符、退格符或控制字符,允许不受信任的存储库歪曲其内容并更改或编造错误消息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-43785
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-43785
请登录查看更多情报信息。
- https://github.com/Byron/gitoxide/security/advisories/GHSA-88g2-r9rw-g55hx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-43785
IV. Related Vulnerabilities
Same product: gitoxide
- CVE-2026-0810
Gix-date: gix-date: undefined behavior due to invalid string - CVE-2025-31130
gitoxide does not detect SHA-1 collision attacks - CVE-2025-22620
gix-worktree-state nonexclusive checkout sets executable fil - CVE-2024-45405
gix-path improperly resolves configuration path reported by - CVE-2024-45305
gix-path uses local config across repos when it is the highe
Same vendor: Byron
- CVE-2024-45405
gix-path improperly resolves configuration path reported by - CVE-2024-45305
gix-path uses local config across repos when it is the highe - CVE-2024-40644
gitoxide's gix-path can use a fake program files location - CVE-2024-35197
gix refs and paths with reserved Windows device names access - CVE-2024-35186
gix traversal outside working tree enables arbitrary code ex
Same weakness: CWE-150
- CVE-2026-41526
KCoreAddons 安全漏洞 - CVE-2026-6019
BaseCookie.js_output() does not neutralize embedded characte - CVE-2026-40505
MuPDF < 1.27 mutool ANSI Injection via Metadata - CVE-2026-26149
Microsoft Power Apps Desktop Client Spoofing Vulnerability - CVE-2026-35651
OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Inject
V. Comments for CVE-2024-43785
No comments yet