UBUNTU-CVE-2026-45571

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-45571

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45571.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-45571

Upstream

CVE-2026-45571

Published

2026-05-29T00:00:00Z

Modified

2026-05-29T18:00:46.241295462Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.

References

Affected packages

Ubuntu:25.10

golang-github-go-git-go-git

Package

Name: golang-github-go-git-go-git
Purl: pkg:deb/ubuntu/golang-github-go-git-go-git?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.14.0-1",
            "binary_name": "go-git"
        },
        {
            "binary_version": "5.14.0-1",
            "binary_name": "golang-github-go-git-go-git-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45571.json"

Ubuntu:26.04:LTS

golang-github-go-git-go-git

Package

Name: golang-github-go-git-go-git
Purl: pkg:deb/ubuntu/golang-github-go-git-go-git?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.0-1

5.16.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.16.2-1",
            "binary_name": "go-git"
        },
        {
            "binary_version": "5.16.2-1",
            "binary_name": "golang-github-go-git-go-git-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45571.json"

Ubuntu:Pro:22.04:LTS

golang-github-go-git-go-git

Package

Name: golang-github-go-git-go-git
Purl: pkg:deb/ubuntu/golang-github-go-git-go-git?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2-3

5.4.2-3ubuntu0.1~esm1

5.4.2-3ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.4.2-3ubuntu0.1~esm2",
            "binary_name": "go-git"
        },
        {
            "binary_version": "5.4.2-3ubuntu0.1~esm2",
            "binary_name": "golang-github-go-git-go-git-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45571.json"

Ubuntu:Pro:24.04:LTS

golang-github-go-git-go-git

Package

Name: golang-github-go-git-go-git
Purl: pkg:deb/ubuntu/golang-github-go-git-go-git?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2-3build1

5.4.2-4

5.4.2-4ubuntu0.24.04.1

5.4.2-4ubuntu0.24.04.2

5.4.2-4ubuntu0.24.04.2+esm1

5.4.2-4ubuntu0.24.04.3

5.4.2-4ubuntu0.24.04.3+esm1

5.4.2-4ubuntu0.24.04.3+esm2

5.4.2-4ubuntu0.24.04.3+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.4.2-4ubuntu0.24.04.3+esm3",
            "binary_name": "go-git"
        },
        {
            "binary_version": "5.4.2-4ubuntu0.24.04.3+esm3",
            "binary_name": "golang-github-go-git-go-git-dev"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45571.json"