Description
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | assisted/agent-preinstall-image-builder-rhel9 | Under investigation | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-controller-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-git-cloner-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-bundler-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-image-processing-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-waiters-rhel9 | Under investigation | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-webhook-rhel9 | Under investigation | ||
| Compliance Operator | compliance/openshift-compliance-must-gather-rhel8 | Under investigation | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-must-gather-rhel9 | Under investigation | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
go-git clients vulnerable to DoS via maliciously crafted Git server replies