53 matches found
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
The vulnerability of the git-upload-pack method of the go-git library allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the git-upload-pack method in the go-git library is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality, integrity, and accessibility of the protected information...
SUSE CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-55094 CVE-2025-21613 affecting package packer for versions less than 1.9.5-7
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
DEBIAN-CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
UBUNTU-CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613 go-git has an Argument Injection via the URL field
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
go-git 参数注入漏洞
go-git is go-git open source a highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13, which stems from the presence of a parameter injection vulnerability that could allow an attacker to set arbitrary values t...
CLSA-2024-1728056367 Fix CVE(s): CVE-2024-32465
SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465...
CLSA-2024-1721929661 git: Fix of 2 CVEs
CVE-2024-32004: add tests for cloning from partial repo, fetch/clone: detect dubious ownership of local repositories - CVE-2024-32465: upload-pack: disable lazy-fetching by default...
Important: git
Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this...
Important: git
Issue Overview: An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. Affected Packages: git Issue Correction: Run dnf update git --releasever 2023.4.20240513 or dnf update...
GHSA-8JMW-WJR8-2X66 Command injection in git-clone
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits Credit to @lirantal for discovering this vulnerability...
Command injection in git-clone
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Credits Credit to @lirantal for discovering this vulnerability...
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...
CVE-2022-25900 Command Injection
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...