Description

Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities) a shell script injection can occur within the `withpasswd` function. Alternatively, an argument injection is possible in the `gettreesha `function. either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. All prior versions are vulnerable. No known workarounds are available.

INFO

Published Date :

2025-06-25T16:39:45.707Z

Last Modified :

2025-06-26T14:38:03.142Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52483 vulnerability.

Vendors Products
Julialang
  • Registrator
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52483.

URL Resource
https://github.com/JuliaRegistries/Registrator.jl/pull/448 cve-icon cve-icon
https://github.com/JuliaRegistries/Registrator.jl/security/advisories/GHSA-589r-g8hf-xx59 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact