Git Proxy Vulnerability in Application by Finos
CVE-2025-54584
Currently unrated
What is CVE-2025-54584?
In versions of GitProxy prior to 1.19.2, a vulnerability exists that allows an attacker to exploit the PACK signature detection mechanism in the parsePush.ts file. By creating a specially crafted Git packfile with a misleading PACK signature and manipulating the packet structure, an attacker could deceive the parser into accepting invalid or unintended data as a legitimate packfile. This could result in unauthorized access or the ability to conceal commits, leading to potential security breaches. The issue has been addressed in version 1.19.2.