Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-u76v-um3g-cyed

Summary

Aliases

alias	CVE-2024-45405

alias	GHSA-m8rp-vv92-46c7

Fixed_packages

url	pkg:cargo/gix-path@0.10.11
purl	pkg:cargo/gix-path@0.10.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:cargo/gix-path@0.10.11

url	pkg:deb/debian/rust-gix-path@0.10.11-1?distro=trixie
purl	pkg:deb/debian/rust-gix-path@0.10.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-gix-path@0.10.11-1%3Fdistro=trixie

url	pkg:deb/debian/rust-gix-path@0.10.13-1?distro=trixie
purl	pkg:deb/debian/rust-gix-path@0.10.13-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-gix-path@0.10.13-1%3Fdistro=trixie

url	pkg:deb/debian/rust-gix-path@0.10.21-2?distro=trixie
purl	pkg:deb/debian/rust-gix-path@0.10.21-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-gix-path@0.10.21-2%3Fdistro=trixie

url	pkg:deb/debian/rust-gix-path@0.12.0-1?distro=trixie
purl	pkg:deb/debian/rust-gix-path@0.12.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-gix-path@0.12.0-1%3Fdistro=trixie

Affected_packages

url pkg:cargo/gix-path@0.10.10

purl pkg:cargo/gix-path@0.10.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u76v-um3g-cyed

resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/gix-path@0.10.10

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45405

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22149
published_at	2026-06-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22331
published_at	2026-06-14T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22353
published_at	2026-06-13T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22339
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45405

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/Byron/gitoxide

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/Byron/gitoxide

reference_url

https://rustsec.org/advisories/RUSTSEC-2024-0371.html

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2024-0371.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082055
reference_id	1082055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082055

reference_url

https://github.com/Byron/gitoxide/commit/650a1b5cf25e086197cc55a68525a411e1c28031

reference_id

650a1b5cf25e086197cc55a68525a411e1c28031

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T14:05:27Z/

url

https://github.com/Byron/gitoxide/commit/650a1b5cf25e086197cc55a68525a411e1c28031

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45405

reference_id

CVE-2024-45405

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45405

reference_url

https://github.com/advisories/GHSA-m8rp-vv92-46c7

reference_id

GHSA-m8rp-vv92-46c7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m8rp-vv92-46c7

reference_url

https://github.com/Byron/gitoxide/security/advisories/GHSA-m8rp-vv92-46c7

reference_id

GHSA-m8rp-vv92-46c7

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T14:05:27Z/

url

https://github.com/Byron/gitoxide/security/advisories/GHSA-m8rp-vv92-46c7

reference_url

https://github.com/Byron/gitoxide/blob/1cfe577d461293879e91538dbc4bbfe01722e1e8/gix-path/src/env/git/mod.rs#L138-L142

reference_id

mod.rs#L138-L142

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-06T14:05:27Z/

url

https://github.com/Byron/gitoxide/blob/1cfe577d461293879e91538dbc4bbfe01722e1e8/gix-path/src/env/git/mod.rs#L138-L142

Weaknesses

cwe_id	41
name	Improper Resolution of Path Equivalence
description	The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.

cwe_id	427
name	Uncontrolled Search Path Element
description	The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u76v-um3g-cyed

Vulnerability Instance