PT-2024-35081 · Jj

Joernchen · Published 2024-11-06 · Updated 2024-11-12 · CVE-2024-51990

CVSS v4.0: 9.3 Critical
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: jj versions prior to 0.23.0
Description: Specially crafted Git repositories can cause jj to write files outside the clone. The repository achieves this through file objects whose paths contain path-traversal sequences. To exploit this, an attacker would need to create a crafted Git repository and have the victim clone it using jj. No information is provided about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.
Recommendations: For versions prior to 0.23.0, upgrade to version 0.23.0 to address the issue. As a temporary workaround, avoid cloning repositories from untrusted sources until the fixed version can be installed. Restrict access to unknown Git repositories to minimize the risk of exploitation.
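The description above says the traversal rides on file objects whose paths escape the clone. As an added example, not jj's own code, here is the kind of lexical check a checkout routine should apply to every repository-relative path before writing it under the working-copy root; the `safe_checkout_path` function, the `PathError` variants and the sample paths are the example's own.

```rust
// Added example (not jj's code): refuse any tree path that could land
// outside the checkout root before a single byte is written.
use std::path::{Component, Path, PathBuf};

/// Reasons a repository-relative path is refused.
#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    Empty,     // no usable component at all
    Absolute,  // starts with a root or drive prefix
    ParentDir, // contains a ".." component
    CurDir,    // starts with a "." component
    DotGit,    // a component named ".git" (any case)
    BadName,   // NUL, backslash or non-UTF-8 in a component
}

/// Returns `root` joined with `tree_path` when the path is safe to
/// materialize, or the reason it was rejected. Purely lexical: it never
/// touches the filesystem, so it can run before anything is written.
pub fn safe_checkout_path(root: &Path, tree_path: &str) -> Result<PathBuf, PathError> {
    if tree_path.is_empty() {
        return Err(PathError::Empty);
    }
    if tree_path.contains('\0') {
        return Err(PathError::BadName);
    }
    let mut out = root.to_path_buf();
    let mut saw_component = false;
    for comp in Path::new(tree_path).components() {
        match comp {
            Component::Prefix(_) | Component::RootDir => return Err(PathError::Absolute),
            Component::ParentDir => return Err(PathError::ParentDir),
            Component::CurDir => return Err(PathError::CurDir),
            Component::Normal(name) => {
                let s = name.to_str().ok_or(PathError::BadName)?;
                // On Unix a backslash is a legal file-name byte, but the same
                // tree may be checked out on Windows where it separates paths.
                if s.contains('\\') {
                    return Err(PathError::BadName);
                }
                if s.eq_ignore_ascii_case(".git") {
                    return Err(PathError::DotGit);
                }
                out.push(s);
                saw_component = true;
            }
        }
    }
    if !saw_component {
        return Err(PathError::Empty);
    }
    Ok(out)
}
```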

Exploit · Fix

Weakness Enumeration: Path traversal

Related Identifiers

CVE-2024-51990
GHSA-88H5-6W7M-5W56
OPENSUSE-SU-2024:14485-1

Affected Products

Jj