CVE-2025-54583
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54583
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54583.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-54583
- Aliases
- Published
- 2025-07-30T20:15:38Z
- Modified
- 2025-08-01T20:59:22.716342Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2.
- References
Affected packages
Git / github.com/finos/git-proxy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/finos/git-proxy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
license-inventory-0.*
license-inventory-0.0.1
license-inventory-0.0.2
sample-0.*
sample-0.1.0
sample-0.1.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.9.0
v1.9.1
v1.9.2
v1.9.3