漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
go-git has an Argument Injection via the URL field
Vulnerability Description
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.
CVSS Information
N/A
Vulnerability Type
参数注入或修改
Vulnerability Title
go-git 参数注入漏洞
Vulnerability Description
go-git是go-git开源的一个用纯 Go 编写的高度可扩展的 git 实现库。 go-git v5.13之前版本存在参数注入漏洞,该漏洞源于存在参数注入漏洞,可能允许攻击者将任意值设置为git-upload-pack标志。
CVSS Information
N/A
Vulnerability Type
N/A