{"vulnerability": "GHSA-R9PX-M959-CXF4", "sightings": [{"uuid": "c6b67160-27f1-42a5-87b1-dfa90d8d5252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-R9PX-M959-CXF4", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21614\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\nA denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. \n\nThis is a `go-git` implementation issue and does not affect the upstream `git` cli.\n\n### Patches\nUsers running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.13` in order to mitigate this vulnerability.\n\n### Workarounds\nIn cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers.\n\n## Credit\nThanks to Ionut Lalu for responsibly disclosing this vulnerability to us.\n\n\ud83d\udccf Published: 2025-01-06T16:20:28Z\n\ud83d\udccf Modified: 2025-01-31T14:42:21Z\n\ud83d\udd17 References:\n1. https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-21614\n3. https://github.com/go-git/go-git", "creation_timestamp": "2025-01-31T15:14:55.000000Z"}]}