Gitproxy Security Vulnerabilities and Issues — Gitproxy CVE List

FinosGitproxy

4 matches found

CVE•added 2025/07/30 8:1 p.m.•22 views

CVE-2025-54584

GitProxy (versions ≤ 1.19.1) is vulnerable to a packfile parsing exploit due to the parsePush.ts PACK signature detection. An attacker can craft a malicious Git packfile that embeds a misleading PACK signature within commit content and manipulates the packet structure, causing the parser to treat...

7CVSS6.3AI score0.00227EPSS

CVE•added 2025/07/30 7:59 p.m.•21 views

CVE-2025-54583

GitProxy (finos/git-proxy) vulnerability CVE-2025-54583 affects version 1.19.1 and earlier; 1.19.2 fixes the issue. The flaw allows pushing to a remote repository while bypassing policy checks and explicit approvals when multiple branches are pushed, enabling code that should be blocked (e.g., se...

8.3CVSS6.7AI score0.00187EPSS

CVE•added 2025/07/30 8:17 p.m.•16 views

CVE-2025-54585

GitProxy (versions ≤ 1.19.1) is vulnerable to a new-branch approval exploit: nearby commits on a parent branch can be pushed without proper approval due to how new branches are detected (uses a zero-hash check). The issue requires only regular push access and no extra user interaction, but it doe...

8.2CVSS6.5AI score0.00187EPSS

CVE•added 2025/07/30 9:14 p.m.•14 views

CVE-2025-54586

GitProxy

7.1CVSS6.3AI score0.00227EPSS