11 matches found
CVE-2023-49569
CVE-2023-49569 affects go-git prior to v5.11 and enables a path traversal that could let an attacker create or amend files across the filesystem, potentially leading to remote code execution. Affected apps are those using the ChrootOS filesystem wrapper (default for PlainClone/Open/Clone paths); ...
CVE-2025-21613
CVE-2025-21613 affects the go-git library. Affected: go-git prior to 5.13.0. Issue: argument injection vulnerability allowing an attacker to set arbitrary values on git-upload-pack flags when using the file transport protocol (shelling out to git binaries). Impact: potential disclosure/integrity/...
CVE-2023-49568
CVE-2023-49568 affects go-git (Go) and is a DoS due to specially crafted responses from a Git server triggering resource exhaustion in go-git clients. Affected are go-git versions prior to v5.11; in-memory filesystem usage by go-git is not affected. This is a go-git implementation issue and does ...
CVE-2025-21614
CVE-2025-21614: A DoS vulnerability in the Go Git implementation (go-git) affects versions prior to v5.13. The issue allows an attacker to exhaust resources in go-git clients by returning specially crafted responses from a Git server. Mitigation: upgrade from v4 to v5.13 or later. The description...
CVE-2026-45022
CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...
CVE-2026-25934
Summary of CVE-2026-25934: The go-git library (prior to v5.16.5) did not properly verify data integrity for .pack and .idx files, which could allow consuming corrupted packfiles/indexes and result in errors such as object not found. This vulnerability affects the integrity checks used when fetch...
CVE-2026-33762
The CVE-2026-33762 vulnerability affects the go-git library prior to v5.17.1, specifically the index decoder for Git index format version 4. The issue is a missing validation of the path name prefix length before applying it to the decoded path, which can cause an out-of-bounds slice operation an...
CVE-2026-41506
go-git is vulnerable to credential leakage during smart-HTTP redirects in clone/fetch operations prior to versions 5.18.0 and 6.0.0-alpha.2. The issue, a cross-host redirect exposure, has been patched in 5.18.0 and 6.0.0-alpha.2. Impact is a potential exposure of HTTP credentials during redirects...
CVE-2026-45571
Summary for CVE-2026-45571 (go-git): The vulnerability affects the go-git library prior to versions 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...
CVE-2026-45570
Technical details beyond the initial description are not present in the connected documents; monitor for updates.
CVE-2026-34165
The connected advisory details a vulnerability in the go-git project where a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting memory and causing a DoS. Exploitation requires write access to the local repository’s .git directory to create or modify .idx...