3 matches found
JLSEC-2025-4 Argument injection in `gettreesha()` function in Registrator.jl
Impact If the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the gettreesha function. This can then lead to a potential RCE. Patches Users should upgrade immediately to v1.9.5. All prior versions are vulnerable...
CVE-2025-52480
Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities, an argument injection is possible in the...
CVE-2025-52480
CVE-2025-52480 affects Registrator.jl. If the clone URL from GitHub is malicious (or injected via upstream vulnerabilities), an argument injection in the gettreesha() function can enable remote code execution. Impact is described as a potential RCE; affected versions are prior to 1.9.5. Remediati...