GitForge.jl Path Traversal Vulnerability in GitHub.repo() Function

Vulnerability

A path traversal vulnerability has been identified in GitForge.jl, a Julia package for interacting with Git forges. All versions prior to 5.9.1 are affected. The vulnerability arises from a lack of input validation for user-provided values in the GitHub.repo() function. Callers can pass any string as the repo_name value, and that string is sent to the server as-is, without validation or encoding. This allows path traversal sequences such as '../' to be included, causing the request to reach unintended endpoints on api.github.com instead of the intended repository endpoint.
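To make the flaw concrete from the defender's side, the following is an added example (not GitForge.jl's own code, written in Python rather than Julia for portability) that contrasts the unvalidated pattern with a hardened one. `naive_repo_url` mirrors interpolating the raw string into the request path and then normalizes the path the way an HTTP server would, so the effect of a '../' segment is visible; `safe_repo_url` requires an exact `owner/repo` shape, rejects the `.` and `..` segments, and percent-encodes each segment independently. The owner and repository naming rules used here are an approximation of GitHub's conventions and are an assumption for illustration only.

```python
import posixpath
import re
from typing import Tuple
from urllib.parse import quote

API_BASE = "https://api.github.com"

# Assumed, approximate naming rules (illustration only, not GitHub's spec):
# owner: alphanumerics with single interior hyphens, at most 39 characters
# repo:  alphanumerics, '-', '_', '.', at most 100 characters
OWNER_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$")
REPO_RE = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")


class InvalidRepoName(ValueError):
    """Raised when a repo_name value does not have the expected owner/repo shape."""


def naive_repo_url(repo_name: str) -> str:
    """The unvalidated pattern: interpolate the raw string into the path.

    posixpath.normpath collapses '.' and '..' segments, which is what a
    server-side path normalizer does, so a traversal sequence escapes the
    /repos/ prefix and the request lands on a different endpoint.
    """
    return API_BASE + posixpath.normpath("/repos/" + repo_name)


def validate_repo_name(repo_name: str) -> Tuple[str, str]:
    """Split 'owner/repo' and enforce the assumed naming rules on each part."""
    owner, sep, repo = repo_name.partition("/")
    if not sep or "/" in repo:
        raise InvalidRepoName("expected exactly one '/' separating owner and repo")
    if not OWNER_RE.fullmatch(owner):
        raise InvalidRepoName(f"invalid owner segment: {owner!r}")
    if repo in (".", "..") or not REPO_RE.fullmatch(repo):
        raise InvalidRepoName(f"invalid repo segment: {repo!r}")
    return owner, repo


def is_valid_repo_name(repo_name: str) -> bool:
    """Boolean wrapper around validate_repo_name for callers that prefer no exception."""
    try:
        validate_repo_name(repo_name)
    except InvalidRepoName:
        return False
    return True


def safe_repo_url(repo_name: str) -> str:
    """Hardened builder: validate first, then encode each path segment on its own.

    quote(..., safe="") also escapes '/', so even if validation were relaxed a
    segment could never introduce an extra path component.
    """
    owner, repo = validate_repo_name(repo_name)
    return f"{API_BASE}/repos/{quote(owner, safe='')}/{quote(repo, safe='')}"


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed name and one traversal sequence.
    for name in ("octocat/Hello-World", "../x"):
        print(f"{name!r:24} naive -> {naive_repo_url(name)}")
        print(f"{'':24} safe  -> "
              f"{safe_repo_url(name) if is_valid_repo_name(name) else 'rejected'}")
```

The detection-relevant observation is that the naive builder silently produces a URL outside `/repos/` for a traversal input, whereas the hardened builder refuses the value before any request is made; logging rejections from `validate_repo_name` gives a cheap signal for attempted misuse of the API wrapper.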

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive endpoints on the GitHub API, potentially allowing retrieval or manipulation of data that should not be reachable through the repo_name parameter.

Remediation

Users are advised to upgrade to version 5.9.1 or later. The latest version is 5.10.0.

Added: Jun 25, 2025, 6:22 PM
Updated: Jun 25, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread:          0.0
impact:          0.6
exploitability:  7.4
remediation:     7.7
relevance:       0.2
threat:          0.0
urgency:         2.9
incentive:       5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.