CVE-2024-43785 — Improper Neutralization of Escape, Meta, or Control Sequences in Gitoxide

CWE-150 — Improper Neutralization of Escape, Meta, or Control Sequences CWE-79 — Cross-site Scripting5 documents3 sources

Severity

2.5LOWNVD

EPSS

0.0%

top 93.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Byron Gitoxide

Timeline

PublishedAug 22

Latest updateSep 10

Description

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails.…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5byron/gitoxide0.41.0

▶crates.iobyron/gitoxide0.41.0

🔴Vulnerability Details

GHSA

Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting↗2025-09-10

▶

OSV

gitoxide-core does not neutralize special characters for terminals↗2024-08-22

▶

OSV

gitoxide-core does not neutralize special characters for terminals↗2024-08-22

▶

GHSA

gitoxide-core does not neutralize special characters for terminals↗2024-08-22

▶