CVE-2025-50178

Vulnerability Description

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on api.github.com that were not intended. Version 0.4.3 contains a patch for the issue. No known workarounds are available.

Related Weaknesses (CWE)

References

• https://github.com/JuliaWeb/GitForge.jl/pull/50
• https://github.com/JuliaWeb/GitForge.jl/security/advisories/GHSA-g2xx-229f-3qjm

FAQ

What is CVE-2025-50178?

CVE-2025-50178 is a documented vulnerability. GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function f...

How severe is CVE-2025-50178?

CVSS scoring is not yet available for CVE-2025-50178. Check NVD for updates.

Is there a patch for CVE-2025-50178?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.