313 matches found
GHSA-V725-9546-7Q7M go-git has an Argument Injection via the URL field
Impact An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the onl...
go-git has an Argument Injection via the URL field
Impact An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the onl...
CVE-2025-21613
CVE-2025-21613 affects the go-git library. Affected: go-git prior to 5.13.0. Issue: argument injection vulnerability allowing an attacker to set arbitrary values on git-upload-pack flags when using the file transport protocol (shelling out to git binaries). Impact: potential disclosure/integrity/...
CVE-2025-21613 go-git has an Argument Injection via the URL field
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
PT-2025-1015
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5.13 Description A denial of service DoS vulnerability was discovered in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server,...
PT-2025-1014
Name of the Vulnerable Software and Affected Versions go-git versions prior to v5.13 Description An argument injection vulnerability was discovered in go-git. The successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
go-git resource management error vulnerability
go-git is an open source, highly extensible git implementation library written in pure Go. A security vulnerability exists in go-git versions prior to v5.13 that stems from the presence of a Denial of Service (DoS) vulnerability that allows an attacker to perform a Denial of Service attack...
go-git parameter injection vulnerability
go-git is an open source, highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13, which stems from the presence of a parameter injection vulnerability that could allow an attacker to set arbitrary values t...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple go-git vulnerabilities.
Summary Potential go-git vulnerabilities CVE-2023-49568, CVE-2023-49569 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49568 DESCRIPTIO...
go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in the go library go-git. This issue may allow an attacker to create and amend files across the filesystem when applications are using the default ChrootOS, potentially allowing remote code execution...
CBL Mariner 2.0 Security Update: packer (CVE-2023-49569)
The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49569 advisory. - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows a...
CBL Mariner 2.0 Security Update: packer (CVE-2023-49568)
The version of packer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49568 advisory. - A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability...
Gogs Security Breach
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...
Gogs Security Breach
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0 and earlier...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.31 security update
Red Hat OpenShift Container Platform release 4.14.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
CVE-2024-37904
CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...