gix-transport
crates.io
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gix-transport
- CVE-2023-53158 · MEDIUM · CVSS 4.1 · EG 4.1 · ✓ Fixed in 0.36.1 · 2025-07-28
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) tha…
- CVE-2024-32884 · MEDIUM · CVSS 6.4 · EG 6.4 · ✓ Fixed in 0.42.0 · 2024-04-26
gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The p…