Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
Typedeb
Namespacedebian
Namegolang-github-go-git-go-git
Version5.11.0-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version5.13.2-1
Latest_non_vulnerable_version5.17.1-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-6smu-rrju-z7ca
vulnerability_id VCID-6smu-rrju-z7ca
summary 
Maliciously crafted Git server replies can cause DoS on go-git clients
### Impact
A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. 

Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability.
This is a `go-git` implementation issue and does not affect the upstream `git` cli.

### Patches
Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability.

### Workarounds
In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers.

## Credit
Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

### References
- [GHSA-mw99-9chc-xw7r](https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49568
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29683
published_at 2026-04-21T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29905
published_at 2026-04-04T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.29721
published_at 2026-04-07T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29782
published_at 2026-04-12T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29818
published_at 2026-04-09T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29827
published_at 2026-04-11T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29732
published_at 2026-04-13T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29749
published_at 2026-04-16T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29727
published_at 2026-04-18T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30315
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49568
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-12T18:15:52Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49568
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49568
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id 1060701
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2258165
reference_id 2258165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2258165
7
reference_url https://access.redhat.com/errata/RHSA-2024:0298
reference_id RHSA-2024:0298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0298
8
reference_url https://access.redhat.com/errata/RHSA-2024:0641
reference_id RHSA-2024:0641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0641
9
reference_url https://access.redhat.com/errata/RHSA-2024:0642
reference_id RHSA-2024:0642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0642
10
reference_url https://access.redhat.com/errata/RHSA-2024:0691
reference_id RHSA-2024:0691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0691
11
reference_url https://access.redhat.com/errata/RHSA-2024:0692
reference_id RHSA-2024:0692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0692
12
reference_url https://access.redhat.com/errata/RHSA-2024:0735
reference_id RHSA-2024:0735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0735
13
reference_url https://access.redhat.com/errata/RHSA-2024:0740
reference_id RHSA-2024:0740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0740
14
reference_url https://access.redhat.com/errata/RHSA-2024:0832
reference_id RHSA-2024:0832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0832
15
reference_url https://access.redhat.com/errata/RHSA-2024:0833
reference_id RHSA-2024:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0833
16
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
17
reference_url https://access.redhat.com/errata/RHSA-2024:0845
reference_id RHSA-2024:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0845
18
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
19
reference_url https://access.redhat.com/errata/RHSA-2024:0989
reference_id RHSA-2024:0989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0989
20
reference_url https://access.redhat.com/errata/RHSA-2024:1052
reference_id RHSA-2024:1052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1052
21
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
22
reference_url https://access.redhat.com/errata/RHSA-2024:1570
reference_id RHSA-2024:1570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1570
23
reference_url https://access.redhat.com/errata/RHSA-2024:1896
reference_id RHSA-2024:1896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1896
24
reference_url https://access.redhat.com/errata/RHSA-2024:3889
reference_id RHSA-2024:3889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3889
25
reference_url https://access.redhat.com/errata/RHSA-2024:3925
reference_id RHSA-2024:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3925
26
reference_url https://access.redhat.com/errata/RHSA-2024:4010
reference_id RHSA-2024:4010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4010
27
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-62r9-cvp9-tfbg
1
vulnerability VCID-kqrm-h42a-13ce
2
vulnerability VCID-m4t6-vddc-3bfw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1%3Fdistro=trixie
aliases CVE-2023-49568, GHSA-mw99-9chc-xw7r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6smu-rrju-z7ca
1
url VCID-rka6-epua-h7gz
vulnerability_id VCID-rka6-epua-h7gz
summary 
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
### Impact
A path traversal vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.

Applications are only affected if they are using the [ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using [BoundOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue.
This is a `go-git` implementation issue and does not affect the upstream `git` cli.

### Patches
Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability.

### Workarounds
In cases where a bump to the latest version of `go-git` is not possible in a timely manner, we recommend limiting its use to only trust-worthy Git servers.

## Credit
Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49569
reference_id
reference_type
scores
0
value 0.04027
scoring_system epss
scoring_elements 0.88494
published_at 2026-04-21T12:55:00Z
1
value 0.04027
scoring_system epss
scoring_elements 0.88457
published_at 2026-04-07T12:55:00Z
2
value 0.04027
scoring_system epss
scoring_elements 0.88476
published_at 2026-04-08T12:55:00Z
3
value 0.04027
scoring_system epss
scoring_elements 0.88482
published_at 2026-04-09T12:55:00Z
4
value 0.04027
scoring_system epss
scoring_elements 0.88492
published_at 2026-04-11T12:55:00Z
5
value 0.04027
scoring_system epss
scoring_elements 0.88485
published_at 2026-04-12T12:55:00Z
6
value 0.04027
scoring_system epss
scoring_elements 0.88484
published_at 2026-04-13T12:55:00Z
7
value 0.04027
scoring_system epss
scoring_elements 0.88499
published_at 2026-04-16T12:55:00Z
8
value 0.04027
scoring_system epss
scoring_elements 0.88496
published_at 2026-04-18T12:55:00Z
9
value 0.04027
scoring_system epss
scoring_elements 0.88453
published_at 2026-04-04T12:55:00Z
10
value 0.04134
scoring_system epss
scoring_elements 0.88604
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49569
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-18T19:36:00Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49569
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id 1060701
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2258143
reference_id 2258143
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2258143
7
reference_url https://access.redhat.com/errata/RHSA-2023:7197
reference_id RHSA-2023:7197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7197
8
reference_url https://access.redhat.com/errata/RHSA-2023:7198
reference_id RHSA-2023:7198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7198
9
reference_url https://access.redhat.com/errata/RHSA-2024:0040
reference_id RHSA-2024:0040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0040
10
reference_url https://access.redhat.com/errata/RHSA-2024:0298
reference_id RHSA-2024:0298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0298
11
reference_url https://access.redhat.com/errata/RHSA-2024:0641
reference_id RHSA-2024:0641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0641
12
reference_url https://access.redhat.com/errata/RHSA-2024:0642
reference_id RHSA-2024:0642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0642
13
reference_url https://access.redhat.com/errata/RHSA-2024:0692
reference_id RHSA-2024:0692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0692
14
reference_url https://access.redhat.com/errata/RHSA-2024:0735
reference_id RHSA-2024:0735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0735
15
reference_url https://access.redhat.com/errata/RHSA-2024:0740
reference_id RHSA-2024:0740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0740
16
reference_url https://access.redhat.com/errata/RHSA-2024:0832
reference_id RHSA-2024:0832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0832
17
reference_url https://access.redhat.com/errata/RHSA-2024:0833
reference_id RHSA-2024:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0833
18
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
19
reference_url https://access.redhat.com/errata/RHSA-2024:0845
reference_id RHSA-2024:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0845
20
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
21
reference_url https://access.redhat.com/errata/RHSA-2024:0989
reference_id RHSA-2024:0989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0989
22
reference_url https://access.redhat.com/errata/RHSA-2024:1052
reference_id RHSA-2024:1052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1052
23
reference_url https://access.redhat.com/errata/RHSA-2024:1549
reference_id RHSA-2024:1549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1549
24
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
25
reference_url https://access.redhat.com/errata/RHSA-2024:1896
reference_id RHSA-2024:1896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1896
26
reference_url https://access.redhat.com/errata/RHSA-2024:2633
reference_id RHSA-2024:2633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2633
27
reference_url https://access.redhat.com/errata/RHSA-2024:3925
reference_id RHSA-2024:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3925
28
reference_url https://access.redhat.com/errata/RHSA-2024:4118
reference_id RHSA-2024:4118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4118
29
reference_url https://access.redhat.com/errata/RHSA-2024:5013
reference_id RHSA-2024:5013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5013
30
reference_url https://access.redhat.com/errata/RHSA-2024:6221
reference_id RHSA-2024:6221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6221
31
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-62r9-cvp9-tfbg
1
vulnerability VCID-kqrm-h42a-13ce
2
vulnerability VCID-m4t6-vddc-3bfw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1%3Fdistro=trixie
aliases CVE-2023-49569, GHSA-449p-3h89-pw88
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rka6-epua-h7gz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie