Описание
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift API for Data Protection | oadp/oadp-mustgather-rhel8 | Will not fix | ||
| OpenShift Developer Tools and Services | odo | Will not fix | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Affected | ||
| OpenShift Serverless | openshift-serverless-1-func-utils-rhel8-container | Affected | ||
| OpenShift Serverless | openshift-serverless-1/kn-cli-artifacts-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicluster-operators-subscription-rhel8 | Affected | ||
| Red Hat Ceph Storage 7 | rhceph/grafana-rhel9 | Affected | ||
| Red Hat Enterprise Linux 9 | grafana | Affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-data-science-pipelines-argo-argoexec-container | Affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-data-science-pipelines-argo-workflowcontroller-container | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.
go-git is a highly extensible git implementation library written in pu ...
go-git clients vulnerable to DoS via maliciously crafted Git server replies
7.5 High
CVSS3