GO-2024-2456
See a problem?- Source
- https://pkg.go.dev/vuln/GO-2024-2456
- Import Source
- https://vuln.go.dev/ID/GO-2024-2456.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2456
- Aliases
- Published
- 2024-01-23T15:29:09Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
- Details
-
Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
- References
- Credits
-
-
- Ionut Lalu
-
Affected packages
Go / gopkg.in/src-d/go-git.v4
Package
- Name
- gopkg.in/src-d/go-git.v4
- View open source insights on deps.dev
- Purl
- pkg:golang/gopkg.in/src-d/go-git.v4
Go / github.com/go-git/go-git/v5
Package
- Name
- github.com/go-git/go-git/v5
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/go-git/go-git/v5
Ecosystem specific
{
"imports": [
{
"path": "github.com/go-git/go-git/v5",
"symbols": [
"AddOptions.Validate",
"Blame",
"BlameResult.String",
"Clone",
"CloneContext",
"CommitOptions.Validate",
"CreateTagOptions.Validate",
"GrepOptions.Validate",
"GrepResult.String",
"Init",
"InitWithOptions",
"NoMatchingRefSpecError.Error",
"Open",
"PlainClone",
"PlainCloneContext",
"PlainInit",
"PlainInitWithOptions",
"PlainOpen",
"PlainOpenWithOptions",
"Remote.Fetch",
"Remote.FetchContext",
"Remote.List",
"Remote.ListContext",
"Remote.Push",
"Remote.PushContext",
"Remote.String",
"Repository.BlobObject",
"Repository.BlobObjects",
"Repository.Branch",
"Repository.Branches",
"Repository.CommitObject",
"Repository.CommitObjects",
"Repository.Config",
"Repository.ConfigScoped",
"Repository.CreateBranch",
"Repository.CreateRemote",
"Repository.CreateRemoteAnonymous",
"Repository.CreateTag",
"Repository.DeleteBranch",
"Repository.DeleteObject",
"Repository.DeleteRemote",
"Repository.DeleteTag",
"Repository.Fetch",
"Repository.FetchContext",
"Repository.Grep",
"Repository.Head",
"Repository.Log",
"Repository.Notes",
"Repository.Object",
"Repository.Objects",
"Repository.Prune",
"Repository.Push",
"Repository.PushContext",
"Repository.Reference",
"Repository.References",
"Repository.Remote",
"Repository.Remotes",
"Repository.RepackObjects",
"Repository.ResolveRevision",
"Repository.SetConfig",
"Repository.Tag",
"Repository.TagObject",
"Repository.TagObjects",
"Repository.Tags",
"Repository.TreeObject",
"Repository.TreeObjects",
"ResetOptions.Validate",
"Status.String",
"Submodule.Init",
"Submodule.Repository",
"Submodule.Status",
"Submodule.Update",
"Submodule.UpdateContext",
"SubmoduleStatus.String",
"Submodules.Init",
"Submodules.Status",
"Submodules.Update",
"Submodules.UpdateContext",
"SubmodulesStatus.String",
"Worktree.Add",
"Worktree.AddGlob",
"Worktree.AddWithOptions",
"Worktree.Checkout",
"Worktree.Clean",
"Worktree.Commit",
"Worktree.Grep",
"Worktree.Move",
"Worktree.Pull",
"Worktree.PullContext",
"Worktree.Remove",
"Worktree.RemoveGlob",
"Worktree.Reset",
"Worktree.ResetSparsely",
"Worktree.Status",
"Worktree.Submodule",
"Worktree.Submodules",
"Worktree.checkoutFileSymlink",
"Worktree.createBranch",
"buildTreeHelper.BuildTree",
"checkFastForwardUpdate",
"isFastForward"
]
},
{
"path": "github.com/go-git/go-git/v5/config",
"symbols": [
"Branch.Validate",
"Config.Unmarshal",
"Config.Validate",
"LoadConfig",
"ReadConfig",
"RemoteConfig.Validate"
]
},
{
"path": "github.com/go-git/go-git/v5/plumbing/object",
"symbols": [
"Commit.Stats",
"Commit.StatsContext",
"Patch.Stats",
"getFileStatsFromFilePatches"
]
},
{
"path": "github.com/go-git/go-git/v5/storage/filesystem",
"symbols": [
"ConfigStorage.Config",
"ConfigStorage.SetConfig",
"ModuleStorage.Module",
"NewStorage",
"NewStorageWithOptions",
"ObjectStorage.EncodedObject"
]
},
{
"path": "github.com/go-git/go-git/v5/storage/filesystem/dotgit",
"symbols": [
"DotGit.Alternates"
]
}
]
}