CVE-2024-56074

low-risk
Published 2024-12-15

gitingest before 9996a06 mishandles symbolic links that point outside of the base directory.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
NETWORK / HIGH complexity

References (5)

https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b5...
https://github.com/cyclotruc/gitingest/blob/9996a06a94450497c1abb35997f5e6cbc9b5...
https://github.com/cyclotruc/gitingest/commit/9996a06a94450497c1abb35997f5e6cbc9...
https://github.com/cyclotruc/gitingest/pull/23
https://gitingest.com/
22
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal