PT-2026-51628

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description Gogs contains an authorization bypass in its Git Smart HTTP handler for repository RPCs. The system determines the authorization policy based on the client-supplied service query parameter rathe...

Dulwich has unbounded memory allocation in receive-pack from crafted thin packs

Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...