CVE-2024-56074: gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

Description

gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

Classification

CVE ID: CVE-2024-56074

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-02-04 (when this score was calculated)

References

https://gitingest.com/
https://github.com/cyclotruc/gitingest/pull/23
https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9b571ff
https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L22-L30
https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b571ff/src/ingest.py#L99-L100

Timeline