CVE-2025-52569

N/A

Description

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Details CVE

Score CVSS v3.1N/A

Publie6/25/2025

Derniere modification6/26/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-20CWE-22

References

https://github.com/JuliaWeb/GitHub.jl/pull/224(security-advisories@github.com)

https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x(security-advisories@github.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.