CNNVD-202507-3819 Information

Jul 30, 2025 cve

CNNVD ID

CNNVD-202507-3819

CVE-2025-54584

CNNVD Published: 2025-07-30

Description (Chinese)

The Fintech Open Source Foundation GitProxy是The Fintech Open Source Foundation基金会的一个在Git之上部署自定义推送保护和策略。 The Fintech Open Source Foundation GitProxy 1.19.1及之前版本存在安全漏洞，该漏洞源于处理恶意Git packfile时可能绕过批准或隐藏提交。

Description (English)

The Fintech Open Source Foundation GitProxy is a self-defined protection and strategy deployed over Git by the Fintech Open Source Foundation. The Fintech Open Source Foundation GitProxy 1.19.1 and previous versions contain a security loophole that arises from the possibility of circumventing approval or concealing submissions when dealing with malicious Git package.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

The Fintech Open Source Foundation

Published

2025-07-30

Last Modified

2026-02-24

References

https://github.com/finos/git-proxy/commit/333c98a165a5a1ec88414db3d4a2c6f81e083e0f https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a https://github.com/finos/git-proxy/releases/tag/v1.19.2 https://github.com/finos/git-proxy/security/advisories/GHSA-xxmh-rf63-qwjv

Patch

https://github.com/finos/git-proxy/releases

Share on: