CRITICAL🇵🇱 Wersja polska

CVE-2025-21613

CVSS 9.2v4.0pub. 2025-01-06upd. 2025-04-17

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
  • Go Git Project Go Git

    APP
    Go-Git Project
    < 5.13.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-49569CRITICAL9.8PL ✓ten sam produkt

Path Traversal w go-git umożliwiający RCE (CVE-2023-49569)

CVE-2026-45022HIGH7.0ten sam produkt

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-g...

CVE-2025-21614HIGH7.5ten sam produkt

go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnera...

CVE-2023-49568HIGH7.5ten sam produkt

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability a...

CVE-2026-45571MEDIUM5.4ten sam produkt

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a pa...