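8 CVE vulnerabilities related to the vendor go-git, with AI-generated Chinese analysis, POC, CVSS scores and affected products.
go-git is a pure Git library implemented in Go, mainly used to provide Git version control functionality without external dependencies. Historically, the project has had vulnerability types such as command injection, path traversal and memory leaks, some of which can lead to remote code execution. As of the latest count, the library has 7 recorded CVE vulnerabilities, concentrated mainly in input validation and memory management. Developers using it should strictly filter user input and follow official security updates to guard against potential risks.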
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41506 | go-git Credential leak via cross-host redirect in smart HTTP transport — go-git, CWE-522 | 4.7 | Medium | 2026-05-08 |
| CVE-2026-33762 | go-git: Missing validation decoding Index v4 files leads to panic — go-git, CWE-129 | 2.8 | Low | 2026-03-31 |
| CVE-2026-34165 | go-git: Maliciously crafted idx file can cause asymmetric memory consumption — go-git, CWE-191 | 5.0 | Medium | 2026-03-31 |
| CVE-2026-25934 | go-git improperly verifies data integrity values for .idx and .pack files — go-git, CWE-354 | 4.3 | Medium | 2026-02-09 |
| CVE-2025-21614 | go-git clients vulnerable to DoS via maliciously crafted Git server replies — go-git, CWE-400 | 7.5 | High | 2025-01-06 |
| CVE-2025-21613 | go-git has an Argument Injection via the URL field — go-git, CWE-88 | 9.1 | - | 2025-01-06 |
| CVE-2023-49569 | Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients — go-git, CWE-22 | 9.8 | Critical | 2024-01-12 |
| CVE-2023-49568 | Maliciously crafted Git server replies can cause DoS on go-git clients — go-git, CWE-20 | 7.5 | High | 2024-01-12 |
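This page lists all 8 CVE vulnerabilities publicly disclosed to date for the vendor go-git. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis to help assess risk quickly.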