漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
gitoxide-core does not neutralize special characters for terminals
Vulnerability Description
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
转义、元或控制序列转义处理不恰当
Vulnerability Title
gitoxide 安全漏洞
Vulnerability Description
gitoxide是Sebastian Thiel个人开发者的一个用 Rust 编写的 git 实现。 gitoxide存在安全漏洞,该漏洞源于不会消除出现在存储库路径、作者和提交者姓名、提交消息或其他元数据中的换行符、退格符或控制字符,允许不受信任的存储库歪曲其内容并更改或编造错误消息。
CVSS Information
N/A
Vulnerability Type
N/A