GHSA-fr8x-3vfx-f45h: gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository
attachments: pocs.zip
Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as:
<superproject common_dir>/modules/<submodule name>
Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git escapes .git/modules after normalization. The current implementation then uses that escaped path in both state() and open().
The updated PoC demonstrates the real sink, not just string construction:
state() reports repository_exists=true for the traversed path; open() returns a repository whose normalized common_dir() matches the attacker-chosen repository outside .git/modules.
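The derivation and the fix side by side, as an added example that is not gitoxide's own code. The names (normalize, validate_submodule_name, submodule_git_dir_unvalidated, submodule_git_dir, NameError) are hypothetical, and the paths used for input are constructed for illustration. The unvalidated function builds `<common_dir>/modules/<name>` exactly as the advisory describes and shows lexically where `../../../escaped-target.git` lands; the hardened function first applies the rules git itself enforces on submodule names (non-empty, no leading `-`, no `..` component, not absolute), additionally rejects backslashes so the check behaves the same on every platform (a stricter choice made here, not git's), and then verifies that the normalized result still lies under `modules/` as a second line of defence:

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons a .gitmodules submodule name is rejected before it is used as a path component.
#[derive(Debug, PartialEq)]
enum NameError {
    Empty,
    LeadingDash,
    BackslashSeparator,
    AbsoluteOrPrefixed,
    ParentDir,
    /// Belt-and-braces: the derived directory normalized to something outside modules/.
    Escapes,
}

/// Lexically normalize a path: resolve `.` and `..` without touching the filesystem
/// (so no symlinks are followed; that is a separate concern from this advisory).
fn normalize(path: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for comp in path.components() {
        match comp {
            Component::CurDir => {}
            Component::ParentDir => {
                // Pop a normal component if there is one; otherwise keep the `..`
                // so the caller can still see that the path tries to climb past the root.
                let top_is_normal =
                    matches!(out.components().next_back(), Some(Component::Normal(_)));
                if top_is_normal {
                    out.pop();
                } else {
                    out.push("..");
                }
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// The vulnerable derivation described in the advisory: the name is joined as-is,
/// so `..` components walk out of `<common_dir>/modules` after normalization.
fn submodule_git_dir_unvalidated(common_dir: &Path, name: &str) -> PathBuf {
    normalize(&common_dir.join("modules").join(name))
}

/// Validate a submodule name as a single relative, non-climbing path component sequence.
fn validate_submodule_name(name: &str) -> Result<(), NameError> {
    if name.is_empty() {
        return Err(NameError::Empty);
    }
    if name.starts_with('-') {
        return Err(NameError::LeadingDash);
    }
    // On Unix a backslash is an ordinary byte, on Windows it is a separator; reject it
    // everywhere so a name cannot mean different things on different hosts.
    if name.contains('\\') {
        return Err(NameError::BackslashSeparator);
    }
    for comp in Path::new(name).components() {
        match comp {
            Component::RootDir | Component::Prefix(_) => return Err(NameError::AbsoluteOrPrefixed),
            Component::ParentDir => return Err(NameError::ParentDir),
            Component::CurDir | Component::Normal(_) => {}
        }
    }
    Ok(())
}

/// Hardened derivation: reject bad names up front, then confirm the normalized result
/// still lies under `<common_dir>/modules` (Path::starts_with is component-wise,
/// so `modules-evil` does not match `modules`).
fn submodule_git_dir(common_dir: &Path, name: &str) -> Result<PathBuf, NameError> {
    validate_submodule_name(name)?;
    let modules = normalize(&common_dir.join("modules"));
    let dir = normalize(&modules.join(name));
    if !dir.starts_with(&modules) {
        return Err(NameError::Escapes);
    }
    Ok(dir)
}

fn main() {
    // Constructed sample: a superproject whose common dir is /work/super/.git
    let common_dir = Path::new("/work/super/.git");
    let malicious = "../../../escaped-target.git";
    println!(
        "unvalidated: {}",
        submodule_git_dir_unvalidated(common_dir, malicious).display()
    );
    println!("validated:   {:?}", submodule_git_dir(common_dir, malicious));
    println!("benign:      {:?}", submodule_git_dir(common_dir, "libs/helper"));
}
```

Note that a lexical check is exactly what this bug calls for: the name is attacker-controlled text from .gitmodules, and rejecting it before any filesystem access is cheaper and safer than trying to canonicalize a path that may not exist yet.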