41 matches found

Vulnrichment
added 2025/07/30 8:1 p.m. · 3 views

CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7 CVSS · 6.3 AI score · 0.00227 EPSS
Exploits 1 · References 4
CVE
added 2025/07/30 8:1 p.m. · 16 views

CVE-2025-54584

GitProxy (versions ≤ 1.19.1) is vulnerable to a packfile parsing exploit due to the parsePush.ts PACK signature detection. An attacker can craft a malicious Git packfile that embeds a misleading PACK signature within commit content and manipulates the packet structure, causing the parser to treat...

7 CVSS · 6.3 AI score · 0.00227 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2025/07/30 8:1 p.m. · 3 views

CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 1 · References 6
Cvelist
added 2025/07/30 8:1 p.m. · 6 views

CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7 CVSS · 0.00227 EPSS
Exploits 1 · References 4
Vulnrichment
added 2025/07/30 7:59 p.m. · 3 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

8.3 CVSS · 6.7 AI score · 0.00187 EPSS
Exploits 1 · References 4
CVE
added 2025/07/30 7:59 p.m. · 17 views

CVE-2025-54583

GitProxy (finos/git-proxy) vulnerability CVE-2025-54583 affects version 1.19.1 and earlier; 1.19.2 fixes the issue. The flaw allows pushing to a remote repository while bypassing policy checks and explicit approvals when multiple branches are pushed, enabling code that should be blocked (e.g., se...

8.3 CVSS · 6.7 AI score · 0.00187 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2025/07/30 7:59 p.m. · 7 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

8.3 CVSS · 0.00187 EPSS
Exploits 1 · References 4
OSV
added 2025/07/30 7:59 p.m. · 3 views

CVE-2025-54583 GitProxy bypasses approvals when pushing multiple branches

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

8.3 CVSS · 6.8 AI score · 0.00187 EPSS
Exploits 1 · References 6
Github Security Blog
added 2025/07/30 4:40 p.m. · 8 views

GitProxy New Branch Approval Exploit

Summary An attacker can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. Because it can greatly affect system integrity, we classify this as a High impact vulnerability. Details GitProxy checks for the...

8.2 CVSS · 7.1 AI score · 0.00187 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2025/07/30 4:40 p.m. · 2 views

GHSA-39P2-8HQ9-FWJ6 GitProxy New Branch Approval Exploit

Summary An attacker can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. Because it can greatly affect system integrity, we classify this as a High impact vulnerability. Details GitProxy checks for the...

8.2 CVSS · 7.1 AI score · 0.00187 EPSS
Exploits 1 · References 6
Github Security Blog
added 2025/07/30 4:40 p.m. · 5 views

GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7 CVSS · 7.4 AI score · 0.00227 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2025/07/30 4:40 p.m. · 2 views

GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7 CVSS · 7.4 AI score · 0.00227 EPSS
Exploits 1 · References 6
OSV
added 2025/07/30 4:34 p.m. · 2 views

GHSA-QR93-8WWF-22G4 GitProxy Approval Bypass When Pushing Multiple Branches

Summary This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...

8.3 CVSS · 7.4 AI score · 0.00187 EPSS
Exploits 1 · References 6
CNNVD
added 2025/07/30 12:0 a.m. · 2 views

The Fintech Open Source Foundation GitProxy Authorization Issue Vulnerability

The Fintech Open Source Foundation GitProxy is a deployment of custom push protections and policies on top of Git by The Fintech Open Source Foundation. An authorization issue vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and prior versions, which stems from t...

8.2 CVSS · 6.4 AI score · 0.00187 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/07/30 12:0 a.m. · 4 views

PT-2025-31443 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...

7 CVSS · 6.4 AI score · 0.00227 EPSS
Exploits 1 · References 11
Positive Technologies
added 2025/07/30 12:0 a.m. · 4 views

PT-2025-31442 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and Git remote endpoints. Versions 1.19.1 and below permit users to bypass policies and explicit approvals when pushing...

8.3 CVSS · 6.5 AI score · 0.00187 EPSS
Exploits 1 · References 10
CNNVD
added 2025/07/30 12:0 a.m. · 2 views

The Fintech Open Source Foundation GitProxy Information Disclosure Vulnerability

The Fintech Open Source Foundation GitProxy is a deployment of custom push protections and policies on top of Git by The Fintech Open Source Foundation. An information disclosure vulnerability exists in The Fintech Open Source Foundation GitProxy versions 1.19.1 and earlier, which stems...

7.1 CVSS · 5.9 AI score · 0.00227 EPSS
Exploits 1 · References 4
CNNVD
added 2025/07/30 12:0 a.m. · 2 views

The Fintech Open Source Foundation GitProxy Security Vulnerability

The Fintech Open Source Foundation GitProxy is a deployment of custom push protection and policies on top of Git by The Fintech Open Source Foundation. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from a...

8.3 CVSS · 6.3 AI score · 0.00187 EPSS
Exploits 1 · References 4
Positive Technologies
added 2025/07/30 12:0 a.m. · 4 views

PT-2025-31446 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A flaw in how GitProxy handles new branch creation allows attackers to bypass the approval o...

8.2 CVSS · 6.2 AI score · 0.00187 EPSS
Exploits 1 · References 12
CNNVD
added 2025/07/30 12:0 a.m. · 2 views

The Fintech Open Source Foundation GitProxy Security Vulnerability

The Fintech Open Source Foundation GitProxy is a deployment of custom push protections and policies on top of Git by The Fintech Open Source Foundation. A security vulnerability exists in The Fintech Open Source Foundation GitProxy 1.19.1 and earlier versions, which stems from the...

7 CVSS · 6.5 AI score · 0.00227 EPSS
Exploits 1 · References 4