漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
gitoxide does not detect SHA-1 collision attacks
Vulnerability Description
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct Git objects with colliding SHA-1 hashes would break the Git object model and integrity checks when used with gitoxide. This vulnerability is fixed in 0.42.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
可逆的单向哈希
Vulnerability Title
gitoxide 安全漏洞
Vulnerability Description
gitoxide是Sebastian Thiel个人开发者的一个用 Rust 编写的 git 实现。 gitoxide 0.42.0之前版本存在安全漏洞,该漏洞源于SHA-1哈希实现缺乏碰撞检测,可能导致哈希碰撞攻击。
CVSS Information
N/A
Vulnerability Type
N/A