CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 17.0%

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.

This is a go-git implementation issue and does not affect the upstream git CLI.

Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trustworthy Git servers.

Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.
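
To find builds that pin go-git in the range named above (v4 and above, prior to v5.11), the following added example, which is not part of the advisory or the go-git project, scans the text of a go.mod file. The two module paths and the sample input in main are assumptions, not taken from the advisory text.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed module paths for go-git v5 and v4 (not listed in the advisory text).
var goGitModules = []string{"github.com/go-git/go-git/v5", "gopkg.in/src-d/go-git.v4"}

// affected reports whether v is in the advisory's range: v4 and above, prior to v5.11.
func affected(v string) bool {
	var major, minor int
	if _, err := fmt.Sscanf(v, "v%d.%d", &major, &minor); err != nil {
		return false // unparsable version: leave for manual review
	}
	return major == 4 || (major == 5 && minor < 11)
}

// FindAffected returns "module version" for every go-git requirement in the
// given go.mod content that falls in the affected range. It reads require
// directives only; replace and exclude lines are not interpreted.
func FindAffected(gomod string) []string {
	var hits []string
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop trailing comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <module> <version>
		}
		if len(f) != 2 {
			continue // block delimiters, replace/exclude lines, blanks
		}
		for _, m := range goGitModules {
			if f[0] == m && affected(f[1]) {
				hits = append(hits, f[0]+" "+f[1])
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample input, not from a real project.
	sample := "require (\n\tgithub.com/go-git/go-git/v5 v5.10.1 // indirect\n)\n"
	fmt.Println(FindAffected(sample))
}
```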