Main Vulnerability Database Vulnerabilities #VU85583

#VU85583 Path traversal in go-git - CVE-2023-49569

Published: January 18, 2024

Vulnerability identifier: #VU85583

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-49569

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
go-git

Software vendor:
go-git

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can overwrite arbitrary files on the system. Applications are only affected if they are using the ChrootOS, which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone).

Remediation

Install update from vendor's website.

External links

https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88

#VU85583 Path traversal in go-git - CVE-2023-49569

Description

Remediation

External links

Please verify you're human