Summary
During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application.
Details
Although gix-worktree-state checks for collisions with existing files, it does not itself check if a path is really in the working tree when performing a checkout, nor do the path checks in gix-fs and gix-worktree prevent this. Cloning an untrusted repository containing specially crafted tree or blob names will create new files outside the repository, or inside the repository or a submodule's .git directory. The simplest cases are:
- A tree named
..to traverse upward. This facilitates arbitrary code execution because files can be placed in one or more locations where they are likely to be executed soon. - A tree named
.gitto enter a.gitdirectory. This facilitates arbitrary code execution because hooks can be installed.
A number of alternatives that achieve the same effect are also possible, some of which correspond to specific vulnerabilities that have affected Git in the past:
- A tree or blob whose name contains one or more
/, to traverse upward or downward. For example, even without containing any tree named..or.git, a repository can represent a file named../outsideor.git/hooks/pre-commit. This is distinct from the more intuitive case a repository containing trees that represent those paths. - In Windows, a tree or blob whose name contains one or more
\, to traverse upward or downward. (Unlike/, these are valid on other systems.) See GHSA-xjx4-8694-q2fq. - On a case-insensitive filesystem (such as NTFS, APFS, or HFS+), a tree named as a case variant of
.git. - On HFS+, a tree named like
.gitor a case variant, with characters added that HFS+ ignores in collation. See https://github.com/git/git/commit/6162a1d323d24fd8cbbb1a6145a91fb849b2568f. - On NTFS, a tree equivalent to
.git(or a case variant) by the use of NTFS stream notation, such as.git::$INDEX_ALLOCATION. See GHSA-5wph-8frv-58vj. - On an NTFS volume with 8.3 aliasing enabled, a tree named as
git~1(or a case variant). See GHSA-589j-mmg9-733v.
When a checkout creates some files outside the repository directory but fails to complete, the repository directory is usually removed, but the outside files remain.
PoC
For simplicity, these examples stage a stand-in file with a valid name, modify the index, and commit. The instructions assume sed supports -i, which is the case on most systems. If using Windows, a Git Bash shell should be used.
Example: Downward traversal to install hooks
- Create a new repository with
git init dangerous-repo-installs-hookandcdinto the directory. - Create the stand-in called
.git@hooks@pre-commit, with the contents:#!/bin/sh printf 'Vulnerable!\n' date >vulnerable - Stage the stand-in:
git add --chmod=+x .git@hooks@pre-commit - Edit the index:
env LC_ALL=C sed -i.orig 's|\.git@hooks@pre-commit|.git/hooks/pre-commit|' .git/index - Commit:
git commit -m 'Initial commit' - Optionally, push to a private remote.
Then, on another or the same machine:
- Clone the repository with a
gix clone …command. - Enter the newly created directory.
- Optionally run
ls -l .git/hooksto observe that thepre-commithook is already present. - Make a new file and commit it with
git. This causes the payload surreptitiously installed as apre-commithook to run, printing the messageVulnerable!and creating a file in the current directory containing the current date and time.
Note that the effect is not limited to modifying the current directory. The payload could be written to perform any action that the user who runs git commit is capable of.
Example: Upward traversal to create a file above the working tree
- Create a new repository with
git init dangerous-repo-reaches-up, andcdinto the directory. - Create the stand-in:
echo 'A file outside the working tree, somehow.' >..@outside - Stage the stand-in:
git add ..@outside - Edit the index:
env LC_ALL=C sed -i.orig 's|\.\.@outside|../outside|' .git/index - Commit:
git commit -m 'Initial commit' - Optionally, push to a private remote.
Then, as above, on the same or another machine, clone the repository with a gix clone … command. Observe that a file named outside is present alongside (not inside) the cloned directory.
Impact
Any use of gix or another application that makes use of gix-worktree-state, or otherwise relies on gix-fs and gix-worktree for validation, is affected, if used to clone untrusted repositories. The above description focuses on code execution, as that leads to a complete loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well.
In use cases where no untrusted repository is ever cloned, this vulnerability has no impact. Furthermore, the impact of this vulnerability may be lower when gix is used to clone a repository for CI/CD purposes, even if untrusted, since in such uses the environment is usually isolated and arbitrary code is usually run deliberately from the repository with necessary safeguards in place.
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
CVE-2024-35186 has a CVSS score of 8.8 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.11.0, 0.36.0, 0.34.0, 0.63.0, 0.38.0, 0.33.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
gix-worktree-state to 0.11.0 or later; gitoxide to 0.36.0 or later; gix-fs to 0.11.0 or later; gix-worktree to 0.34.0 or later; gix to 0.63.0 or later; gitoxide-core to 0.38.0 or later; gix-index to 0.33.0 or later
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2024-35186? CVE-2024-35186 is a high-severity path traversal vulnerability in gix-worktree-state (rust), affecting versions < 0.11.0. It is fixed in 0.11.0, 0.36.0, 0.34.0, 0.63.0, 0.38.0, 0.33.0. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
- How severe is CVE-2024-35186? CVE-2024-35186 has a CVSS score of 8.8 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which packages are affected by CVE-2024-35186?
gix-worktree-state(rust) (versions < 0.11.0)gitoxide(rust) (versions < 0.36.0)gix-fs(rust) (versions < 0.11.0)gix-worktree(rust) (versions < 0.34.0)gix(rust) (versions < 0.63.0)gitoxide-core(rust) (versions < 0.38.0)gix-index(rust) (versions < 0.33.0)
- Is there a fix for CVE-2024-35186? Yes. CVE-2024-35186 is fixed in 0.11.0, 0.36.0, 0.34.0, 0.63.0, 0.38.0, 0.33.0. Upgrade to this version or later.
- Is CVE-2024-35186 exploitable, and should I be worried? Whether CVE-2024-35186 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2024-35186 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2024-35186?
- Upgrade
gix-worktree-stateto 0.11.0 or later - Upgrade
gitoxideto 0.36.0 or later - Upgrade
gix-fsto 0.11.0 or later - Upgrade
gix-worktreeto 0.34.0 or later - Upgrade
gixto 0.63.0 or later - Upgrade
gitoxide-coreto 0.38.0 or later - Upgrade
gix-indexto 0.33.0 or later
- Upgrade