2 matches found
CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....
GHSA-3XC5-WRHM-F963 go-git: Credential leak via cross-host redirect in smart HTTP transport
Impact go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial /info/refs request with a redirect to a different host, go-git updates the session endpoint to the redirected location and...