CVE-2025-21613

Critical CVSS: 9.2

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.

Vendor

Go-git Project

Product

Go-git

CWE

CWE-88

Yayın Tarihi

2025-01-06 17:15:47

Güncelleme

2025-04-17 02:33:57

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-88 Go-git CRITICAL Go-git Project 2025

Referanslar

https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m

Benzer Kayıtlar

Medium

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vu…

Low

CVE-2026-33762

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder f…

Medium

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discov…

High

CVE-2025-21614

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was…