3 matches found
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...
SUSE CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
ROS-20250219-03
A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information A vulnerability in th...