Path Traversal Vulnerability in GitForge.jl by JuliaWeb
CVE-2025-50178

6.6MEDIUM

Key Information:

Vendor: Juliaweb
Status: Gitforge.jl
Vendor: CVE Published:; 25 June 2025

What is CVE-2025-50178?

GitForge.jl, a unified interface for Git forges, suffers from a significant input validation flaw in versions prior to 0.4.3. Specifically, the vulnerability exists in the GitForge.get_repo function, where user-provided strings for the owner and repository fields are not adequately validated or encoded. This oversight allows malicious users to exploit the application by injecting path traversal patterns, such as ../, into their inputs, potentially granting them unauthorized access to sensitive endpoints on the GitHub API that should not be accessible. The issue has been addressed in version 0.4.3, and users are encouraged to update to this version to mitigate associated risks.

Affected Version(s)

GitForge.jl < 0.4.3

References

https://github.com/JuliaWeb/GitForge.jl/security/advisori...

x_refsource_CONFIRM

https://github.com/JuliaWeb/GitForge.jl/pull/50

x_refsource_MISC

CVSS V4

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 13, 2025

JSON

Juliaweb

What is CVE-2025-50178?

Affected Version(s)

References

CVSS V4

Timeline