gopkg.in/src-d/go-git.v4 vulnerabilities

4 known vulnerabilities affecting gopkg.in/src-d/go-git.v4.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2

Vulnerabilities

CVE-2025-21613 | CRITICAL | ≥ 4.0.0, ≤ 4.13.1 | 2025-01-06
[CRITICAL] CWE-88 go-git has an Argument Injection via the URL field
### Impact
An argument injection vulnerability was discovered in `go-git` versions prior to `v5.13`. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to [git-upload-pack flags](https://git-scm.com/docs/git-upload-pack). This only happens when the `file` transport protocol is being used, as that is the only protocol t
Sources: GHSA, OSV

CVE-2025-21614 | HIGH | ≥ 4.0.0, ≤ 4.13.1 | 2025-01-06
[HIGH] CWE-20 go-git clients vulnerable to DoS via maliciously crafted Git server replies
### Impact
A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.13`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. This is a `go-git` imple
Sources: GHSA, OSV

CVE-2023-49569 | CRITICAL | ≥ 4.0.0, ≤ 4.13.1 | 2024-01-10
[CRITICAL] CWE-22 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
### Impact
A path traversal vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected
Sources: GHSA, OSV

CVE-2023-49568 | HIGH | ≥ 4.7.1, ≤ 4.13.1 | 2023-12-27
[HIGH] CWE-20 Maliciously crafted Git server replies can cause DoS on go-git clients
### Impact
A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-mem
Sources: GHSA, OSV