VDB
CVE-2024-35186
CVE-2024-35186
PUBLISHED
CVSS 8.800000190734863 HIGH
gix traversal outside working tree enables arbitrary code execution
EPSS 0.36% · 58.7th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.36%
58.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| crates.io | gitoxide-core | 0 |
| crates.io | gix-worktree-state | 0 |
| Byron | gitoxide | < 0.36.0 |
| crates.io | gix-index | 0 |
| byron | gitoxide | 0 |
| crates.io | gix | 0 |
| crates.io | gix-fs | 0 |
| crates.io | gix-worktree | 0 |
| crates.io | gitoxide | 0 |
Timeline
- Jan 21, 1970 Security Advisory
- May 22, 2024 CVE Published
- May 24, 2024 EPSS Score
- Jun 18, 2024 EPSS Score
- Jul 8, 2024 CVE Updated
- Jul 11, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
- Sep 20, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 13, 2024 EPSS Score
- Nov 6, 2024 EPSS Score
- Nov 29, 2024 EPSS Score