PT-2025-1015

Name of the Vulnerable Software and Affected Versions go-git versions prior to v5.13 Description A denial of service DoS vulnerability was discovered in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server,...

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

wolfictl leaks GitHub tokens to remote non-GitHub git servers

Summary A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...

Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients

Impact A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the...