14 matches found
USN-8088-1 golang-github-go-git-go-git vulnerabilities
Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. CVE-2023-49568, CVE-2025-21614 Ionut Lalu discovered that go-git incorrectly handled file system paths when using the...
EUVD-2025-0045
Malicious code in bioql PyPI...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]
Summary IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git, allowing the setting of arbitrary values to git-upload-pack flags when file transport protocol is used CVE-2025-21613. Go-git is used in our watson-speech-catalog images. This vulnerabilit...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
go-git: argument injection via the URL field
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
SUSE CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport...
DEBIAN-CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-55094 CVE-2025-21613 affecting package packer for versions less than 1.9.5-7
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2025-21613 go-git has an Argument Injection via the URL field
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
go-git 参数注入漏洞
go-git is go-git open source a highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13, which stems from the presence of a parameter injection vulnerability that could allow an attacker to set arbitrary values t...
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...
CVE-2022-24066
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover...