VDB
CVE-2024-45405
CVE-2024-45405
PUBLISHED
CVSS 6 MEDIUM
gix-path improperly resolves configuration path reported by Git
EPSS 0.07% · 22.1th percentile
Risk Scores
CVSS v3.1
6
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS Score
0.07%
22.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| crates.io | gix-path | 0 |
| byron | gitoxide | 0 |
| Byron | gitoxide | < 0.10.11 |
Timeline
- Jan 21, 1970 Security Advisory
- Sep 6, 2024 CVE Published
- Sep 7, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 EPSS Score
- Nov 6, 2024 EPSS Score
- Nov 26, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 14, 2025 EPSS Score
References
- https://github.com/Byron/gitoxide/security/advisories/GHSA-m8rp-vv92-46c7 url
- https://github.com/Byron/gitoxide/commit/650a1b5cf25e086197cc55a68525a411e1c28031 url
- https://github.com/Byron/gitoxide/blob/1cfe577d461293879e91538dbc4bbfe01722e1e8/gix-path/src/env/git/mod.rs#L138-L142 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45405 advisory
- https://github.com/Byron/gitoxide package
- https://rustsec.org/advisories/RUSTSEC-2024-0371.html url