Tag

Credential-Disclosure

1 brief RSS

gix Submodule Path Traversal and Credential Disclosure

A vulnerability in gix's submodule name validation allows path traversal via a crafted .gitmodules file, combined with a trust inheritance flaw in Submodule::open(), enabling arbitrary git repository config reading, including credentials, with full trust.

gix +1 path-traversal credential-disclosure git

2r 3t Jan 3, 2024