CVE-2025-52569

N/A

Descripcion

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado6/25/2025

Ultima modificacion6/26/2025

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-20CWE-22

Referencias

https://github.com/JuliaWeb/GitHub.jl/pull/224(security-advisories@github.com)

https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.