关联漏洞
描述
Reproducer for CVE-2025-22620
介绍
# checkout-index - Reproducer for CVE-2025-22620
This is the proof of concept code for [RUSTSEC-2025-0001](https://rustsec.org/advisories/RUSTSEC-2025-0001.html) (CVE-2025-22620, [GHSA-fqmf-w4xh-33rh](https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-fqmf-w4xh-33rh). It is the same code as in the advisory, but in the form of a Rust project, with `Cargo.toml` and `Cargo.lock` included.
The `main` branch has the version of the code presented in step 2 of the advisory, while the `unaffected-case` branch has the modification described in step 7 to show the effect of explicitly setting `destination_is_initially_empty: true`.
This repo was useful while writing the advisory, and I figured it might occasionally be useful to others. However, I expect this to be of much less interest than the advisory, and also this is not a substitute for the information in the advisory. As noted in the advisory, the vulnerability is fixed in `gix-worktree-state` 0.17.0.
## License
[**CC0-1.0**](COPYING), same as [the RUSTSEC advisory](https://rustsec.org/advisories/RUSTSEC-2025-0001.html).
文件快照
[4.0K] /data/pocs/64c4572b3d51b3ca010235b8689c1cb1d38c1ad0
├── [ 47K] Cargo.lock
├── [ 122] Cargo.toml
├── [6.4K] COPYING
├── [ 141] make-repo
├── [1.1K] README.md
└── [4.0K] src
└── [ 468] main.rs
1 directory, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。