313 matches found

Github Security Blog
added 2023/12/27 3:6 p.m. | 62 views

Maliciously crafted Git server replies can cause DoS on go-git clients

Impact: A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications...

CVSS 7.5 | AI score 6.4 | EPSS 0.00704
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2023/12/27 3:6 p.m. | 35 views

GHSA-MW99-9CHC-XW7R Maliciously crafted Git server replies can cause DoS on go-git clients

Impact: A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications...

CVSS 7.5 | AI score 7.4 | EPSS 0.00704
Exploits: 0 | References: 3
Positive Technologies
added 2023/12/27 12:0 a.m. | 1 views

PT-2023-31260

Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5.11. Description: A denial of service (DoS) vulnerability was discovered in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server,...

CVSS 9.8 | AI score 6.3 | EPSS 0.01523
Exploits: 0 | References: 22
Positive Technologies
added 2023/11/27 12:0 a.m. | 2 views

PT-2024-13749

Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5.11. Description: A path traversal vulnerability was discovered in go-git, allowing an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved...

CVSS 10 | AI score 7.2 | EPSS 0.01523
Exploits: 0 | References: 26
Fedora
added 2022/07/17 1:16 a.m. | 31 views

[SECURITY] Fedora 35 Update: golang-gopkg-src-d-git-4-4.13.1-8.fc35

A highly extensible git implementation in pure go...

CVSS 9.3 | AI score 1.4 | EPSS 0.05994
Exploits: 4
CNNVD
added 2022/03/11 12:0 a.m. | 6 views

Gogs Code Issue Vulnerability

Gogs (Go Git Service) is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. A security vulnerability exists in Gogs versions prior to 0.12.5, which stems from the la...

CVSS 5.3 | AI score 6.1 | EPSS 0.03422
Exploits: 1 | References: 3
Github Security Blog
added 2021/06/29 6:32 p.m. | 57 views

Cross-site Scripting in Gogs

Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

CVSS 4.3 | AI score 5.5 | EPSS 0.01909
Exploits: 3 | References: 10 | Affected Software: 1
Veracode
added 2019/01/15 9:24 a.m. | 20 views

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

CVSS 7.8 | AI score 8.1 | EPSS 0.49188
Exploits: 10 | References: 12 | Affected Software: 2
Veracode
added 2018/06/07 4:52 a.m. | 31 views

Remote Code Execution (RCE)

github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...

CVSS 7.8 | AI score 8.1 | EPSS 0.49188
Exploits: 10 | References: 13 | Affected Software: 1
OpenVAS
added 2015/02/06 12:0 a.m. | 131 views

Gogs (Go Git Service) Detection (HTTP)

HTTP based detection of Gogs (Go Git Service). SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.4
Exploits: 0 | References: 1
CVE
added 2014/11/21 3:0 p.m. | 58 views

CVE-2014-8683

CVE-2014-8683 describes a Cross-Site Scripting (XSS) flaw in Gogs (Go Git Service). The vulnerability affects Gogs versions 0.3.1-9 through 0.5.x before 0.5.8 and is triggered via the text parameter to the API endpoint api/v1/markdown, allowing injection of arbitrary web script/HTML. The root cau...

CVSS 4.3 | AI score 5.6 | EPSS 0.01909
Exploits: 3 | References: 5 | Affected Software: 1
CVE
added 2014/11/21 3:0 p.m. | 100 views

CVE-2014-8682

Gogs (Go Git Service) is affected by SQL injection via the q parameter in the API endpoints /api/v1/repos/search and /api/v1/users/search. The vulnerability stems from improper handling in the repository and user search code paths (models/repo.go and models/user.go) across Gogs versions 0.3.1-9 t...

CVSS 7.5 | AI score 8.4 | EPSS 0.34274
Exploits: 5 | References: 8 | Affected Software: 1
CVE
added 2014/11/21 3:0 p.m. | 81 views

CVE-2014-8681

CVE-2014-8681 affects Gogs (Go Git Service). The GetIssues function in models/issue.go has a SQL injection flaw exploitable via the label parameter in user/repos/issues, impacting Gogs versions 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta. Documents indicate remote attackers can execute arbitra...

CVSS 7.5 | AI score 8.3 | EPSS 0.04575
Exploits: 5 | References: 6 | Affected Software: 1