CVE-2024-56074

Published: Dec 15, 2024Modified: Dec 16, 2024

5.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Exploitability: 1.3 / Impact: 3.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (5)

https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30

Source: cve@mitre.org

https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L99-L100

Source: cve@mitre.org

https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9b571ff

Source: cve@mitre.org

https://github.com/cyclotruc/gitingest/pull/23

Source: cve@mitre.org

https://gitingest.com/

Source: cve@mitre.org

Timeline

No history available yet.