CVE-2023-49569

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 12, 2024

Updated: Jan 22, 2024

CWE ID 22

Summary

CVE-2023-49569 is a newly discovered path traversal vulnerability affecting go-git versions prior to v5.11. This issue allows attackers to create and manipulate files beyond intended boundaries, with potential for remote code execution in the worst-case scenario. The vulnerability comes into play when applications utilize the default ChrootOS file system provided by go-git, but it does not affect applications using BoundOS or in-memory filesystems. This is an isolated go-git implementation issue unrelated to the upstream git cli.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tlY1Gs
https://www.cve.org/CVERecord?id=CVE-2023-49569
https://nvd.nist.gov/vuln/detail/CVE-2023-49569

Back to Vulnerability Database

CVE-2023-49569

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations