You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Minder's Git provider is vulnerable to a denial of service from a maliciously
configured GitHub repository. The Git provider clones users repositories using
the github.com/go-git/go-git/v5 library on these lines:
Advisory GHSA-hpcg-xjq5-g666 references a vulnerability in the following Go modules:
Description:
Minder's Git provider is vulnerable to a denial of service from a maliciously
configured GitHub repository. The Git provider clones users repositories using
the
github.com/go-git/go-git/v5
library on these lines:https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89
The Git provider does the following on these lines:
First, it sets the
CloneOptions
, specifying the url, the depth etc:https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62
It then validates th...
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: