CVE-2025-52569

N/A

Beschreibung

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht6/25/2025

Zuletzt geandert6/26/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-20CWE-22

Referenzen

https://github.com/JuliaWeb/GitHub.jl/pull/224(security-advisories@github.com)

https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x(security-advisories@github.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.