These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A path validation vulnerability in go-git, a pure Go Git implementation library, could allow crafted repository data to write files outside the intended checkout directory, including the repository's .git directory. The issue stems from go-git lacking validations that upstream Git introduced years ago. Affected versions are prior to 5.19.1 and 6.0.0-alpha.4; fixed versions are 5.19.1 and 6.0.0-alpha.4. Th [truncated]
go-git is a pure Go implementation of Git operations used by many applications for programmatic repository interaction. This CVE documents a command injection vulnerability in the library's SSH transport layer where repository paths containing single quotes are not properly escaped when constructing remote exec commands. The vulnerability allows path contents to break out of quoted regions and append addi [truncated]
go-git is a pure Go implementation of Git used by many tools and services for programmatic repository operations. This vulnerability affects versions prior to 5.19.0 and 6.0.0-alpha.3, where malformed Git objects may be parsed differently than upstream Git would handle them. When commit or tag objects contain ambiguous or malformed headers, go-git's internal representation can expose values that diverge f [truncated]