Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues: Update to version 3.3.1611.0: CVE-2025-21613: Fixed argument injection via the URL field in github.com/go-git/go-git/v5 bsc1235575 Full changelog: https://github.com/aws/amazon-ssm-agent/compare/3.1.1260.0...3.3.1611.0 Patch Instruction...

go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies

A denial of service DoS vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : grafana (RHSA-2025:0401)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0401 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: go-git: argume...

go-git: argument injection via the URL field

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...

go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies

A denial of service DoS vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

ALSA-2025:0401 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: go-git: argument injection via the URL field CVE-2025-21613 go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies CVE-2025-21614 For more...

CBL Mariner 2.0 Security Update: packer (CVE-2025-21613)

The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21613 advisory. - go-git is a highly extensible git implementation library written in pure Go. An argument injection...

go-git clients vulnerable to DoS via maliciously crafted Git server replies

...

go-git has an Argument Injection via the URL field

...

CBL Mariner 2.0 Security Update: packer (CVE-2025-21614)

The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21614 advisory. - go-git is a highly extensible git implementation library written in pure Go. A denial of service DoS...

Denial Of Service (DoS)

go-git is vulnerable to a Denial of Service DoS. The vulnerability is due to insufficient handling of specially crafted responses from a Git server, which can trigger resource exhaustion in go-git clients...

Argument Injection

github.com/go-git/go-git is vulnerable to an Argument Injection. The vulnerability is due to improper validation of input arguments passed to the git-upload-pack flags, which allows arbitrary values to be injected when using the file transport protocol...

The vulnerability of the go-git library, related to unlimited resource distribution, allows a hacker to cause a service failure.

The vulnerability of the go-git library is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...

The vulnerability of the git-upload-pack method of the go-git library allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the git-upload-pack method in the go-git library is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a malicious actor to influence the confidentiality, integrity, and accessibility of the protected information...

SUSE CVE-2025-21613

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...

GO-2025-3368 Argument Injection via the URL field in github.com/go-git/go-git

Argument Injection via the URL field in github.com/go-git/go-git...

GO-2025-3367 Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git

Clients vulnerable to DoS via maliciously crafted Git server replies in github.com/go-git/go-git...

CVE-2025-21614

A denial of service DoS vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients...