What is CVE-2024-45305?

CVE-2024-45305 is a low-severity vulnerability in Byron Gitoxide, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 2.5/10. Published 2024-09-02.

How severe is CVE-2024-45305?

Low severity. CVSS v3 base score is 2.5 out of 10.

Vulnerability in Byron Gitoxide

CVE-2024-45305

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. `gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local rep…

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.5 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

Byron Gitoxide — versions < 0.10.10

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

References

https://github.com/Byron/gitoxide/security/advisories/GHSA-v26r-4c9c-h3j6 (x_refsource_CONFIRM)
https://git-scm.com/docs/git-config#SCOPES (x_refsource_MISC)
https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L112 (x_refsource_MISC)
https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L91 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-45305?: CVE-2024-45305 is a low-severity vulnerability in Byron Gitoxide, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 2.5/10. Published 2024-09-02.
How severe is CVE-2024-45305?: Low severity. CVSS v3 base score is 2.5 out of 10.