Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie

Type deb

Namespace debian

Name golang-github-go-git-go-git

Version 5.11.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 5.13.2-1

Latest_non_vulnerable_version 5.19.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2dvh-vfqu-qbe9

vulnerability_id VCID-2dvh-vfqu-qbe9

summary

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.

Applications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS  or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49569

reference_id

reference_type

scores

value	0.04027
scoring_system	epss
scoring_elements	0.88743
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49569

reference_url

https://github.com/go-git/go-git

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/go-git/go-git

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49569

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49569

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id	1060701
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258143
reference_id	2258143
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258143

reference_url

https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88

reference_id

GHSA-449p-3h89-pw88

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-18T19:36:00Z/

url

https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88

reference_url	https://access.redhat.com/errata/RHSA-2023:7197
reference_id	RHSA-2023:7197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7197

reference_url	https://access.redhat.com/errata/RHSA-2023:7198
reference_id	RHSA-2023:7198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7198

reference_url	https://access.redhat.com/errata/RHSA-2024:0040
reference_id	RHSA-2024:0040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0040

reference_url	https://access.redhat.com/errata/RHSA-2024:0041
reference_id	RHSA-2024:0041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0041

reference_url	https://access.redhat.com/errata/RHSA-2024:0298
reference_id	RHSA-2024:0298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0298

reference_url	https://access.redhat.com/errata/RHSA-2024:0641
reference_id	RHSA-2024:0641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0641

reference_url	https://access.redhat.com/errata/RHSA-2024:0642
reference_id	RHSA-2024:0642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0642

reference_url	https://access.redhat.com/errata/RHSA-2024:0692
reference_id	RHSA-2024:0692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0692

reference_url	https://access.redhat.com/errata/RHSA-2024:0735
reference_id	RHSA-2024:0735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0735

reference_url	https://access.redhat.com/errata/RHSA-2024:0740
reference_id	RHSA-2024:0740
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0740

reference_url	https://access.redhat.com/errata/RHSA-2024:0741
reference_id	RHSA-2024:0741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0741

reference_url	https://access.redhat.com/errata/RHSA-2024:0832
reference_id	RHSA-2024:0832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0832

reference_url	https://access.redhat.com/errata/RHSA-2024:0833
reference_id	RHSA-2024:0833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0833

reference_url	https://access.redhat.com/errata/RHSA-2024:0843
reference_id	RHSA-2024:0843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0843

reference_url	https://access.redhat.com/errata/RHSA-2024:0845
reference_id	RHSA-2024:0845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0845

reference_url	https://access.redhat.com/errata/RHSA-2024:0880
reference_id	RHSA-2024:0880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0880

reference_url	https://access.redhat.com/errata/RHSA-2024:0989
reference_id	RHSA-2024:0989
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0989

reference_url	https://access.redhat.com/errata/RHSA-2024:1052
reference_id	RHSA-2024:1052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1052

reference_url	https://access.redhat.com/errata/RHSA-2024:1549
reference_id	RHSA-2024:1549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1549

reference_url	https://access.redhat.com/errata/RHSA-2024:1557
reference_id	RHSA-2024:1557
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1557

reference_url	https://access.redhat.com/errata/RHSA-2024:1891
reference_id	RHSA-2024:1891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1891

reference_url	https://access.redhat.com/errata/RHSA-2024:1896
reference_id	RHSA-2024:1896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1896

reference_url	https://access.redhat.com/errata/RHSA-2024:2047
reference_id	RHSA-2024:2047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2047

reference_url	https://access.redhat.com/errata/RHSA-2024:2633
reference_id	RHSA-2024:2633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2633

reference_url	https://access.redhat.com/errata/RHSA-2024:3925
reference_id	RHSA-2024:3925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3925

reference_url	https://access.redhat.com/errata/RHSA-2024:4118
reference_id	RHSA-2024:4118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4118

reference_url	https://access.redhat.com/errata/RHSA-2024:5013
reference_id	RHSA-2024:5013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5013

reference_url	https://access.redhat.com/errata/RHSA-2024:6221
reference_id	RHSA-2024:6221
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6221

reference_url	https://access.redhat.com/errata/RHSA-2024:8425
reference_id	RHSA-2024:8425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8425

reference_url	https://usn.ubuntu.com/8088-1/
reference_id	USN-8088-1
reference_type
scores
url	https://usn.ubuntu.com/8088-1/

fixed_packages

url	pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl	pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie

url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie

purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gn1a-zd3y-k3hu

vulnerability	VCID-hz4m-zckh-p7f8

vulnerability	VCID-kwgg-vwce-y3dc

vulnerability	VCID-mbh9-auce-33gf

vulnerability	VCID-p4km-wb9b-r3ar

vulnerability	VCID-qcux-1yn7-8ucy

vulnerability	VCID-w6zy-eyzn-k3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl	pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie

aliases CVE-2023-49569, GHSA-449p-3h89-pw88

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dvh-vfqu-qbe9

url VCID-53cp-dtce-9fas

vulnerability_id VCID-53cp-dtce-9fas

summary

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git cli.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49568

reference_id

reference_type

scores

value	0.00112
scoring_system	epss
scoring_elements	0.29382
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49568

reference_url

https://github.com/go-git/go-git

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/go-git/go-git

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49568

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49568

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id	1060701
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258165
reference_id	2258165
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258165

reference_url

https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r

reference_id

GHSA-mw99-9chc-xw7r

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-12T18:15:52Z/

url

https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r

reference_url	https://access.redhat.com/errata/RHSA-2024:0298
reference_id	RHSA-2024:0298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0298

reference_url	https://access.redhat.com/errata/RHSA-2024:0641
reference_id	RHSA-2024:0641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0641

reference_url	https://access.redhat.com/errata/RHSA-2024:0642
reference_id	RHSA-2024:0642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0642

reference_url	https://access.redhat.com/errata/RHSA-2024:0691
reference_id	RHSA-2024:0691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0691

reference_url	https://access.redhat.com/errata/RHSA-2024:0692
reference_id	RHSA-2024:0692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0692

reference_url	https://access.redhat.com/errata/RHSA-2024:0735
reference_id	RHSA-2024:0735
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0735

reference_url	https://access.redhat.com/errata/RHSA-2024:0740
reference_id	RHSA-2024:0740
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0740

reference_url	https://access.redhat.com/errata/RHSA-2024:0741
reference_id	RHSA-2024:0741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0741

reference_url	https://access.redhat.com/errata/RHSA-2024:0832
reference_id	RHSA-2024:0832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0832

reference_url	https://access.redhat.com/errata/RHSA-2024:0833
reference_id	RHSA-2024:0833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0833

reference_url	https://access.redhat.com/errata/RHSA-2024:0843
reference_id	RHSA-2024:0843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0843

reference_url	https://access.redhat.com/errata/RHSA-2024:0845
reference_id	RHSA-2024:0845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0845

reference_url	https://access.redhat.com/errata/RHSA-2024:0880
reference_id	RHSA-2024:0880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0880

reference_url	https://access.redhat.com/errata/RHSA-2024:0989
reference_id	RHSA-2024:0989
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0989

reference_url	https://access.redhat.com/errata/RHSA-2024:1052
reference_id	RHSA-2024:1052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1052

reference_url	https://access.redhat.com/errata/RHSA-2024:1557
reference_id	RHSA-2024:1557
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1557

reference_url	https://access.redhat.com/errata/RHSA-2024:1570
reference_id	RHSA-2024:1570
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1570

reference_url	https://access.redhat.com/errata/RHSA-2024:1887
reference_id	RHSA-2024:1887
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1887

reference_url	https://access.redhat.com/errata/RHSA-2024:1891
reference_id	RHSA-2024:1891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1891

reference_url	https://access.redhat.com/errata/RHSA-2024:1896
reference_id	RHSA-2024:1896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1896

reference_url	https://access.redhat.com/errata/RHSA-2024:2047
reference_id	RHSA-2024:2047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2047

reference_url	https://access.redhat.com/errata/RHSA-2024:3889
reference_id	RHSA-2024:3889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3889

reference_url	https://access.redhat.com/errata/RHSA-2024:3925
reference_id	RHSA-2024:3925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3925

reference_url	https://access.redhat.com/errata/RHSA-2024:4010
reference_id	RHSA-2024:4010
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4010

reference_url	https://usn.ubuntu.com/8088-1/
reference_id	USN-8088-1
reference_type
scores
url	https://usn.ubuntu.com/8088-1/

fixed_packages

url	pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl	pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie

url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie

purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gn1a-zd3y-k3hu

vulnerability	VCID-hz4m-zckh-p7f8

vulnerability	VCID-kwgg-vwce-y3dc

vulnerability	VCID-mbh9-auce-33gf

vulnerability	VCID-p4km-wb9b-r3ar

vulnerability	VCID-qcux-1yn7-8ucy

vulnerability	VCID-w6zy-eyzn-k3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl	pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie

aliases CVE-2023-49568, GHSA-mw99-9chc-xw7r

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53cp-dtce-9fas

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie

Package Instance