Count: 8
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-449p-3h89-pw88 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | CVSS3: 9.8 | 4% Low | about 2 years ago |
| CVE-2023-49569 A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. | CVSS3: 9.8 | 4% Low | about 2 years ago |
| CVE-2023-49569 A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. | CVSS3: 8.1 | 4% Low | about 2 years ago |
| CVE-2023-49569 A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. | CVSS3: 9.8 | 4% Low | about 2 years ago |
| CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients | CVSS3: 9.8 | 4% Low | more than 1 year ago |
| CVE-2023-49569 A path traversal vulnerability was discovered in go-git versions prior ... | CVSS3: 9.8 | 4% Low | about 2 years ago |
| BDU:2025-11252 Vulnerability in the go-git library related to improper limitation of a pathname to a restricted directory, allowing an attacker to create or modify files or execute arbitrary code | CVSS3: 9.8 | 4% Low | about 2 years ago |
| ROS-20250903-02 go-git vulnerability | CVSS3: 9.8 | 4% Low | 5 months ago |