CNNVD-202507-3822 Information
CNNVD ID
CNNVD-202507-3822
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese)
The Fintech Open Source Foundation GitProxy是The Fintech Open Source Foundation基金会的一个在Git之上部署自定义推送保护和策略。 The Fintech Open Source Foundation GitProxy 1.19.1及之前版本存在授权问题漏洞,该漏洞源于处理新分支创建时可能绕过父分支提交的批准。
Description (English)
The Fintech Open Source Foundation GitProxy is a self-defined protection and strategy deployed over Git by the Fintech Open Source Foundation. The Fintech Open Source Foundation GitProxy 1.19.1 and previous versions had a mandate gap, which stemmed from the possibility of circumventing approvals submitted by parent branches when new branches were created.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
The Fintech Open Source Foundation
Published
2025-07-30
Last Modified
2026-02-24
References
https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a https://github.com/finos/git-proxy/commit/f99fe42082eab0970e4cd0acdc3421a527a7e531 https://github.com/finos/git-proxy/releases/tag/v1.19.2 https://github.com/finos/git-proxy/security/advisories/GHSA-39p2-8hq9-fwj6
Patch
https://github.com/finos/git-proxy/releases
Share on: