go-git Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in go-git versions prior to 5.13. This issue allows an attacker to cause resource exhaustion in go-git clients by sending specially crafted responses from a Git server. This vulnerability does not affect the upstream Git command-line interface.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, with a high impact on the availability of affected systems.

Remediation

Users of go-git versions from 4.0.0 up to, but not including, 5.13.0 should upgrade to version 5.13.0. If an immediate upgrade is not possible, limit the use of go-git to trusted Git servers.
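
One way to check a project's go.mod against the affected range above, as an added example that is not part of the original advisory or of go-git itself. The two module paths are go-git's published import paths and are not listed on this page; flagging a pre-release of 5.13.0 as affected is a conservative assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Import paths under which go-git is published (not listed in the advisory text).
var goGitModules = map[string]bool{
	"github.com/go-git/go-git/v5": true,
	"gopkg.in/src-d/go-git.v4":    true,
}

// key packs major.minor.patch into one comparable integer (each part < 1000).
func key(major, minor, patch int) int { return major*1_000_000 + minor*1_000 + patch }

// affected reports whether a module version lies in the advisory's range:
// 4.0.0 up to, but not including, 5.13.0. Unparseable versions return false.
func affected(version string) bool {
	var a, b, c int
	if n, _ := fmt.Sscanf(version, "v%d.%d.%d", &a, &b, &c); n != 3 {
		return false
	}
	// A "-suffix" before any "+build" part marks a pre-release or pseudo-version.
	pre := strings.Contains(strings.SplitN(version, "+", 2)[0], "-")
	k := key(a, b, c)
	return k >= key(4, 0, 0) && (k < key(5, 13, 0) || (k == key(5, 13, 0) && pre))
}

// scanGoMod returns "module version" for each go-git requirement in the go.mod
// text that is in the affected range. Replace directives are not evaluated.
func scanGoMod(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && goGitModules[f[0]] && affected(f[1]) {
			hits = append(hits, f[0]+" "+f[1])
		}
	}
	return hits
}

func main() {
	// Constructed go.mod fragment for illustration.
	sample := "require github.com/go-git/go-git/v5 v5.12.0\nrequire golang.org/x/crypto v0.31.0\n"
	for _, h := range scanGoMod(sample) {
		fmt.Println("affected:", h)
	}
}
```
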

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.7
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.