How severe is CVE-2024-32884?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2024-32884?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-32884 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0.

Related Vulnerabilities

CVE-2019-20659

MEDIUM

CVSS:6.4(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900...

CWE-772019

CVE-2019-20745

MEDIUM

CVSS:6.4(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2.

CWE-772019

CVE-2023-49587

MEDIUM

CVSS:6.4(Medium)

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over ...

CWE-772023

CVE-2024-22546

MEDIUM

CVSS:6.4(Medium)

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via ...

CWE-772024

CVE-2024-53526

MEDIUM

CVSS:6.4(Medium)

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.

CWE-772024

CVE-2024-7110

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeli...

CWE-772024