Vulnerability Report: GO-2024-2456
- CVE-2023-49569, GHSA-449p-3h89-pw88
- Affects: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5
- Published: Jan 23, 2024
- Modified: May 20, 2024
Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2023-49569.
Affected Packages
-
PathGo VersionsSymbols
-
from v5.0.0 before v5.11.0
96 affected symbols
- AddOptions.Validate
- Blame
- BlameResult.String
- Clone
- CloneContext
- CommitOptions.Validate
- CreateTagOptions.Validate
- GrepOptions.Validate
- GrepResult.String
- Init
- InitWithOptions
- NoMatchingRefSpecError.Error
- Open
- PlainClone
- PlainCloneContext
- PlainInit
- PlainInitWithOptions
- PlainOpen
- PlainOpenWithOptions
- Remote.Fetch
- Remote.FetchContext
- Remote.List
- Remote.ListContext
- Remote.Push
- Remote.PushContext
- Remote.String
- Repository.BlobObject
- Repository.BlobObjects
- Repository.Branch
- Repository.Branches
- Repository.CommitObject
- Repository.CommitObjects
- Repository.Config
- Repository.ConfigScoped
- Repository.CreateBranch
- Repository.CreateRemote
- Repository.CreateRemoteAnonymous
- Repository.CreateTag
- Repository.DeleteBranch
- Repository.DeleteObject
- Repository.DeleteRemote
- Repository.DeleteTag
- Repository.Fetch
- Repository.FetchContext
- Repository.Grep
- Repository.Head
- Repository.Log
- Repository.Notes
- Repository.Object
- Repository.Objects
- Repository.Prune
- Repository.Push
- Repository.PushContext
- Repository.Reference
- Repository.References
- Repository.Remote
- Repository.Remotes
- Repository.RepackObjects
- Repository.ResolveRevision
- Repository.SetConfig
- Repository.Tag
- Repository.TagObject
- Repository.TagObjects
- Repository.Tags
- Repository.TreeObject
- Repository.TreeObjects
- ResetOptions.Validate
- Status.String
- Submodule.Init
- Submodule.Repository
- Submodule.Status
- Submodule.Update
- Submodule.UpdateContext
- SubmoduleStatus.String
- Submodules.Init
- Submodules.Status
- Submodules.Update
- Submodules.UpdateContext
- SubmodulesStatus.String
- Worktree.Add
- Worktree.AddGlob
- Worktree.AddWithOptions
- Worktree.Checkout
- Worktree.Clean
- Worktree.Commit
- Worktree.Grep
- Worktree.Move
- Worktree.Pull
- Worktree.PullContext
- Worktree.Remove
- Worktree.RemoveGlob
- Worktree.Reset
- Worktree.ResetSparsely
- Worktree.Status
- Worktree.Submodule
- Worktree.Submodules
-
from v5.0.0 before v5.11.0
-
from v5.0.0 before v5.11.0
-
from v5.0.0 before v5.11.0
-
from v5.0.0 before v5.11.0
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
Aliases
References
Credits
- Ionut Lalu
Feedback
See anything missing or incorrect?
Suggest an edit to this report.