CVE-2025-52569 Information

Jun 26, 2025 cve

Description

GitForge.jl is a unified interface for interacting with Git orges.\ Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the GitHub.repo() function the user can provide any string for the repo_name field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like ../ in the input to access any other endpoints on api.github.com that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Reference

https://github.com/JuliaWeb/GitHub.jl/pull/224 https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x

CNNVD-202506-3190 (Published: 2025-06-25)

Share on:

CVE-2025-52569 Information

Description

Reference

Related CNNVD