​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-54g8-jwm3-m68x

Published

Last updated

https://images.chainguard.dev/security/CGA-54g8-jwm3-m68x
Package

argo-cd-2.7

Latest Update
Fixed
Fixed Version

2.7.15-r7

Aliases
  • CVE-2023-49568
  • GHSA-mw99-9chc-xw7r

Severity

7.5

High

CVSS V3

Summary

Maliciously crafted Git server replies can cause DoS on go-git clients

Description

Impact

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

Patches

Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

Workarounds

In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

Credit

Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

References

  • GHSA-mw99-9chc-xw7r

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images