CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 61.4%
A path traversal vulnerability was discovered in go-git versions prior to
v5.11. This vulnerability allows an attacker to create and amend files
across the filesystem. In the worst-case scenario, remote code execution
could be achieved. Applications are only affected if they are using
ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS),
which is the default when using the “Plain” versions of the Open and Clone
funcs (e.g. PlainClone). Applications using BoundOS
(https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory
filesystems are not affected by this issue. This is a go-git implementation
issue and does not affect the upstream git CLI.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | golang-github-go-git-go-git | < any | UNKNOWN |
ubuntu | 24.04 | noarch | golang-github-go-git-go-git | < any | UNKNOWN |
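
An added example (not part of the advisory or the go-git project): a standard-library Go triage helper that checks the two conditions the description gives, a go-git v5 requirement prior to v5.11 in go.mod and a call to a “Plain” Open/Clone helper in the source. The names `Triage` and `Finding`, the `git.` import alias and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// go-git v5 module path followed by a version, as written in go.mod.
var modRe = regexp.MustCompile(`github\.com/go-git/go-git/v5\s+(v5\.(\d+)\.\d+\S*)`)
// Calls to the "Plain" Open/Clone helpers; the "git." import alias is an assumption.
var plainRe = regexp.MustCompile(`\bgit\.Plain(Open|Clone)\w*\(`)

// Finding is the triage result for one module.
type Finding struct {
	Version   string // effective go-git version, "" if not required
	Old       bool   // version is prior to v5.11
	UsesPlain bool   // source calls a Plain Open/Clone helper
}

// Affected is true only when both conditions from the advisory hold.
func (f Finding) Affected() bool { return f.Old && f.UsesPlain }

// Triage checks go.mod text and Go source text, both passed as strings.
func Triage(goMod, source string) Finding {
	var f Finding
	replaced := false
	for _, line := range strings.Split(goMod, "\n") {
		_, rhs, isReplace := strings.Cut(line, "=>")
		if isReplace {
			line = rhs // only the replacement side carries the effective version
		}
		m := modRe.FindStringSubmatch(line)
		if m == nil || (replaced && !isReplace) {
			continue // a replace directive overrides any require line
		}
		minor, _ := strconv.Atoi(m[2])
		f.Version, replaced, f.Old = m[1], isReplace, minor < 11
	}
	f.UsesPlain = plainRe.MatchString(source)
	return f
}

func main() {
	// Constructed sample input, not taken from a real project.
	f := Triage("require github.com/go-git/go-git/v5 v5.10.1\n", "r, err := git.PlainClone(dir, false, opts)")
	fmt.Printf("%+v affected=%v\n", f, f.Affected())
}
```

A replace directive that points at a local path or a fork is not resolved by this helper, so such modules need a manual check.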