CVE-2025-52569

Vulnerability Description

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Related Weaknesses (CWE)

References

• https://github.com/JuliaWeb/GitHub.jl/pull/224
• https://github.com/JuliaWeb/GitHub.jl/security/advisories/GHSA-jg9p-c3wh-q83x

FAQ

What is CVE-2025-52569?

CVE-2025-52569 is a documented vulnerability. GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.re...

How severe is CVE-2025-52569?

CVSS scoring is not yet available for CVE-2025-52569. Check NVD for updates.

Is there a patch for CVE-2025-52569?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.