jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Martinvonz
Martinvonz jj |
|
CPEs | cpe:2.3:a:martinvonz:jj:*:*:*:*:*:*:*:* | |
Vendors & Products |
Martinvonz
Martinvonz jj |
|
Metrics |
ssvc
|
Thu, 07 Nov 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources. | |
Title | Path traversal via crafted Git repositories in jj | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-07T00:15:17.443Z
Updated: 2024-11-07T16:57:48.274Z
Reserved: 2024-11-04T17:46:16.775Z
Link: CVE-2024-51990
Vulnrichment
Updated: 2024-11-07T16:57:40.232Z
NVD
Status : Awaiting Analysis
Published: 2024-11-07T01:15:03.497
Modified: 2024-11-08T19:01:25.633
Link: CVE-2024-51990
Redhat
No data.