jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.
History

Thu, 07 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Martinvonz
Martinvonz jj
CPEs cpe:2.3:a:martinvonz:jj:*:*:*:*:*:*:*:*
Vendors & Products Martinvonz
Martinvonz jj
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 07 Nov 2024 00:45:00 +0000

Type Values Removed Values Added
Description jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.
Title Path traversal via crafted Git repositories in jj
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-07T00:15:17.443Z

Updated: 2024-11-07T16:57:48.274Z

Reserved: 2024-11-04T17:46:16.775Z

Link: CVE-2024-51990

cve-icon Vulnrichment

Updated: 2024-11-07T16:57:40.232Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-07T01:15:03.497

Modified: 2024-11-08T19:01:25.633

Link: CVE-2024-51990

cve-icon Redhat

No data.