You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
go git security
About this tag
The go git security tag covers discussions about vulnerabilities and mitigations in the go-git library, a pure-Go implementation of Git. A key topic is CVE-2023-49569, a critical path traversal flaw in go-git that can lead to remote code execution when processing malicious Git server replies. This tag is relevant for developers and IT professionals using go-git in automation systems or cloud environments, focusing on patching and securing against such exploits.
The discovery of CVE-2023-49569 exposed a strikingly dangerous gap in a widely used pure-Go Git library: maliciously crafted Git server replies can trigger a path traversal flaw in go-git clients that, in the worst case, enables full remote code execution (RCE) on hosts that consume untrusted...