CNNVD-202507-3457 Information
Jul 28, 2025
cve
CNNVD ID
CNNVD-202507-3457
Related CVE
- CNNVD Published: 2025-07-28
Description (Chinese)
gix-transport crate是GitoxideLabs开源的一个Rust库。 gix-transport crate 0.36.1之前版本存在操作系统命令注入漏洞,该漏洞源于ssh命令注入可能导致远程命令执行。
Description (English)
gix-transport crate is a Rust bank open to Gitoxide Labs. There was an operational system command-infusion loophole in the pre-gex-transport crime 0.36.1 version, which originated from a ssh-injection that could result in remote command execution.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
GitoxideLabs
Published
2025-07-28
Last Modified
2026-02-24
References
https://crates.io/crates/gix-transport https://github.com/advisories/GHSA-rrjw-j4m2-mf34 https://github.com/GitoxideLabs/gitoxide/pull/1032 https://rustsec.org/advisories/RUSTSEC-2023-0064.html https://access.redhat.com/security/cve/cve-2023-53158
Patch
https://github.com/dalek-cryptography/curve25519-dalek/releases
Share on: