GHSA-XXMH-RF63-QWJV

Vulnerability from github – Published: 2025-07-30 16:40 – Updated: 2025-07-31 11:18
VLAI?
Summary
GitProxy Backfile Parsing Exploit
Details

Summary

An attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.

Details

The affected version of parsePush.ts attempts to locate the Git PACK file by looking for the last occurrence of the string "PACK" in the incoming push payload:

const packStart = buffer.lastIndexOf('PACK');

This assumes that any "PACK" string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.

An attacker could abuse this by: 1. Crafting a custom packfile using low-level Git tools or by manually forging one 2. Placing the string "PACK" inside a commit body or a binary file blob that appears after the real PACK start in the stream.

The parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.

PoC

  1. Make a commit on any branch (example: test-branch) containing the string "PACK"
  2. Manually generate a custom packfile with both branches using git pack-objects or a low-level library/custom script: a) Add the string "PACK" after the real packfile's PACK header in the binary stream
  3. Push using a custom client/raw protocol injection

Impact

Attackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.

The vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.

Severity ?
7.0 (High)
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.19.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@finos/git-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.19.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54584"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-30T16:40:07Z",
    "nvd_published_at": "2025-07-30T20:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nAn attacker can craft a malicious Git packfile to exploit the PACK signature detection in the `parsePush.ts`. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits.\n\n### Details\nThe affected version of `parsePush.ts` attempts to locate the Git PACK file by looking for the last occurrence of the string \"PACK\" in the incoming push payload:\n\n```ts\nconst packStart = buffer.lastIndexOf(\u0027PACK\u0027);\n```\n\nThis assumes that any \"PACK\" string near the end of the push is the beginning of the actual binary Git packfile. However, Git objects (commits, blobs, etc.) can contain arbitrary content (including the word PACK) in binary or non-compressed blobs.\n\nAn attacker could abuse this by:\n1. Crafting a custom packfile using low-level Git tools or by manually forging one\n2. Placing the string \"PACK\" inside a commit body or a binary file blob that appears after the real PACK start in the stream.\n\nThe parser then ignores the actual push and treats the binary blob/commit body as the PACK file. The actual push contents may violate existing push policies.\n\n### PoC\n\n1. Make a commit on any branch (example: `test-branch`) containing the string \"PACK\"\n2. Manually generate a custom packfile with both branches using `git pack-objects` or a low-level library/custom script:\n  a) Add the string \"PACK\" after the real packfile\u0027s PACK header in the binary stream\n3. Push using a custom client/raw protocol injection\n\n### Impact\n\nAttackers with push access can hide commits from scanning/approval and make changes that bypass policies, potentially inserting unwanted/malicious code into a GitProxy protected repository.\n\nThe vulnerability impacts all users or organizations relying on GitProxy to enforce policies and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction, however, it does require a considerable amount of technical skill and intentional effort to accomplish.",
  "id": "GHSA-xxmh-rf63-qwjv",
  "modified": "2025-07-31T11:18:40Z",
  "published": "2025-07-30T16:40:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/finos/git-proxy/security/advisories/GHSA-xxmh-rf63-qwjv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54584"
    },
    {
      "type": "WEB",
      "url": "https://github.com/finos/git-proxy/commit/333c98a165a5a1ec88414db3d4a2c6f81e083e0f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/finos/git-proxy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/finos/git-proxy/releases/tag/v1.19.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "GitProxy Backfile Parsing Exploit"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.