{"vulnerability": "CVE-2025-21614", "sightings": [{"uuid": "cc2a39b9-ab42-40dc-92e4-463a2a9d8c87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf3n7i6jjn2m", "content": "", "creation_timestamp": "2025-01-06T17:16:44.358321Z"}, {"uuid": "bccd6173-5317-47e3-b8df-9d82b9823353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://t.me/cvedetector/14372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21614 - Go-git Git Server Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21614 \nPublished : Jan. 6, 2025, 5:15 p.m. | 43\u00a0minutes ago \nDescription : go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T19:26:25.000000Z"}, {"uuid": "f1b3443a-a1d2-4feb-a963-f60ed7dcc2c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21614", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21614\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\nA denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. \n\nThis is a `go-git` implementation issue and does not affect the upstream `git` cli.\n\n### Patches\nUsers running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability.\n\n### Workarounds\nIn cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers.\n\n## Credit\nThanks to Ionut Lalu for responsibly disclosing this vulnerability to us.\n\n\ud83d\udccf Published: 2025-01-06T16:20:28Z\n\ud83d\udccf Modified: 2025-01-31T14:42:21Z\n\ud83d\udd17 References:\n1. https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-21614\n3. https://github.com/go-git/go-git", "creation_timestamp": "2025-01-31T15:14:55.000000Z"}]}