CVE-2024-35197

Name of the Vulnerable Software and Affected Versions gitoxide (affected versions not specified)

Description The issue is related to how gitoxide handles legacy device names on Windows. When fetching refs or checking out paths that clash with these names, it can read from or write to devices, potentially causing harm. This could lead to indefinite blocking, production of arbitrary messages, or other harmful effects under limited circumstances. The impact is expected to be limited in common configurations but may vary depending on the devices present, their usage, and the attacker's knowledge. Accessing devices through refs is less dangerous than through filenames. The greatest risk is if a command seems reasonable when a trusted application appears to recommend it, potentially misleading the user into running an attacker's command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.