Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/08/02 8:22 p.m.4 views

CVE-2025-54584

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7CVSS6AI score0.0047EPSS
Exploits1References1
NVD
NVD
added 2025/07/30 8:15 p.m.8 views

CVE-2025-54584

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...

7CVSS0.0047EPSS
Exploits1References4
OSV
OSV
added 2025/07/30 4:40 p.m.3 views

GHSA-XXMH-RF63-QWJV GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7CVSS7.4AI score0.0047EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/07/30 4:40 p.m.15 views

GitProxy Backfile Parsing Exploit

Summary An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended...

7CVSS7.4AI score0.0047EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.9 views

PT-2025-31443 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...

7CVSS6.4AI score0.0047EPSS
Exploits1References11
Rows per page
Query Builder