2 matches found
Incorrect Authorization
Overview: @finos/git-proxy is a package for deploying custom push protections and policies on top of Git. Affected versions of this package are vulnerable to Incorrect Authorization via the push parser action process. An attacker can introduce unauthorized changes to remote repositories by bypassing required...
GitProxy Approval Bypass When Pushing Multiple Branches
Summary: This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. Because it can allow policy violations to go undetected, w...