TROYANOSYVIRUS
Back to CVEs

CVE-2025-52569

N/A

Description

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

CVE Details

CVSS v3.1 ScoreN/A
Published6/25/2025
Last Modified6/26/2025
Sourcenvd
Honeypot Sightings0

Weaknesses (CWE)

CWE-20CWE-22

References

https://github.com/JuliaWeb/GitHub.jl/pull/224(security-advisories@github.com)
https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x(security-advisories@github.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.