Vulnerability Report: GO-2024-2456

Affected Packages

• Path
  Versions
  Symbols
• github.com/go-git/go-git/v5
  from v5.0.0 before v5.11.0
  96 affected symbols

  • AddOptions.Validate
  • Blame
  • BlameResult.String
  • Clone
  • CloneContext
  • CommitOptions.Validate
  • CreateTagOptions.Validate
  • GrepOptions.Validate
  • GrepResult.String
  • Init
  • InitWithOptions
  • NoMatchingRefSpecError.Error
  • Open
  • PlainClone
  • PlainCloneContext
  • PlainInit
  • PlainInitWithOptions
  • PlainOpen
  • PlainOpenWithOptions
  • Remote.Fetch
  • Remote.FetchContext
  • Remote.List
  • Remote.ListContext
  • Remote.Push
  • Remote.PushContext
  • Remote.String
  • Repository.BlobObject
  • Repository.BlobObjects
  • Repository.Branch
  • Repository.Branches
  • Repository.CommitObject
  • Repository.CommitObjects
  • Repository.Config
  • Repository.ConfigScoped
  • Repository.CreateBranch
  • Repository.CreateRemote
  • Repository.CreateRemoteAnonymous
  • Repository.CreateTag
  • Repository.DeleteBranch
  • Repository.DeleteObject
  • Repository.DeleteRemote
  • Repository.DeleteTag
  • Repository.Fetch
  • Repository.FetchContext
  • Repository.Grep
  • Repository.Head
  • Repository.Log
  • Repository.Notes
  • Repository.Object
  • Repository.Objects
  • Repository.Prune
  • Repository.Push
  • Repository.PushContext
  • Repository.Reference
  • Repository.References
  • Repository.Remote
  • Repository.Remotes
  • Repository.RepackObjects
  • Repository.ResolveRevision
  • Repository.SetConfig
  • Repository.Tag
  • Repository.TagObject
  • Repository.TagObjects
  • Repository.Tags
  • Repository.TreeObject
  • Repository.TreeObjects
  • ResetOptions.Validate
  • Status.String
  • Submodule.Init
  • Submodule.Repository
  • Submodule.Status
  • Submodule.Update
  • Submodule.UpdateContext
  • SubmoduleStatus.String
  • Submodules.Init
  • Submodules.Status
  • Submodules.Update
  • Submodules.UpdateContext
  • SubmodulesStatus.String
  • Worktree.Add
  • Worktree.AddGlob
  • Worktree.AddWithOptions
  • Worktree.Checkout
  • Worktree.Clean
  • Worktree.Commit
  • Worktree.Grep
  • Worktree.Move
  • Worktree.Pull
  • Worktree.PullContext
  • Worktree.Remove
  • Worktree.RemoveGlob
  • Worktree.Reset
  • Worktree.ResetSparsely
  • Worktree.Status
  • Worktree.Submodule
  • Worktree.Submodules
• github.com/go-git/go-git/v5/config
  from v5.0.0 before v5.11.0
  6 affected symbols

  • Branch.Validate
  • Config.Unmarshal
  • Config.Validate
  • LoadConfig
  • ReadConfig
  • RemoteConfig.Validate
• github.com/go-git/go-git/v5/plumbing/object
  from v5.0.0 before v5.11.0
  • Commit.Stats
  • Commit.StatsContext
  • Patch.Stats
• github.com/go-git/go-git/v5/storage/filesystem
  from v5.0.0 before v5.11.0
  6 affected symbols

  • ConfigStorage.Config
  • ConfigStorage.SetConfig
  • ModuleStorage.Module
  • NewStorage
  • NewStorageWithOptions
  • ObjectStorage.EncodedObject
• github.com/go-git/go-git/v5/storage/filesystem/dotgit
  from v5.0.0 before v5.11.0
  • DotGit.Alternates

Aliases

• CVE-2023-49569
• GHSA-449p-3h89-pw88

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-49569
• https://vuln.go.dev/ID/GO-2024-2456.json

Credits

• Ionut Lalu

Feedback