Go-Git · Go-Git · CVE-2026-41506
**Name of the Vulnerable Software and Affected Versions**
go-git versions prior to 5.18.0
go-git versions prior to 6.0.0-alpha.2
**Description**
During smart-HTTP clone and fetch operations, the library may leak HTTP authentication credentials when following redirects. If a remote repository responds to the initial `/info/refs` request with a redirect to a different host, the session endpoint is updated to the redirected location and the original authentication, such as the Authorization header, is reused for subsequent requests, which now go to that location. This allows an attacker controlling the redirect target to capture credentials and potentially access the victim's repositories or other resources. The issue arises when interacting with untrusted or misconfigured Git servers or when using unsecured HTTP connections.
**Recommendations**
Update to version 5.18.0.
Update to version 6.0.0-alpha.2.
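The redirect condition in the description can also be refused at the HTTP layer. The following is an added example using only Go's standard library, not go-git's code or its fix: a `CheckRedirect` policy that rejects any hop whose scheme, host or port differs from the first request. The names `SameOrigin`, `RefuseCrossOrigin` and `NewClient` and the hosts `git.example` and `evil.example` are constructed for illustration, and it assumes the Git transport is configured to use this client.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// ErrCrossOrigin marks a redirect that leaves the origin of the first request.
var ErrCrossOrigin = errors.New("redirect leaves original origin")

// port returns u's explicit port, or the default for its scheme.
func port(u *url.URL) string {
	if p := u.Port(); p != "" {
		return p
	}
	return map[string]string{"http": "80", "https": "443"}[u.Scheme]
}

// SameOrigin reports whether a and b share scheme, host name and port.
func SameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme && strings.EqualFold(a.Hostname(), b.Hostname()) && port(a) == port(b)
}

// RefuseCrossOrigin is a CheckRedirect policy: via[0] is the caller's request, req the next hop.
func RefuseCrossOrigin(req *http.Request, via []*http.Request) error {
	switch {
	case len(via) >= 10: // a custom policy replaces net/http's default hop limit
		return errors.New("stopped after 10 redirects")
	case len(via) > 0 && !SameOrigin(via[0].URL, req.URL):
		return fmt.Errorf("%w: %s -> %s", ErrCrossOrigin, via[0].URL.Host, req.URL.Host)
	}
	return nil
}

// NewClient returns an http.Client that applies the policy to every redirect.
func NewClient() *http.Client {
	return &http.Client{CheckRedirect: RefuseCrossOrigin}
}

func main() { // constructed URLs; git.example and evil.example are placeholder hosts
	first, _ := http.NewRequest(http.MethodGet, "https://git.example/r.git/info/refs", nil)
	hop, _ := http.NewRequest(http.MethodGet, "https://evil.example/r.git/info/refs", nil)
	fmt.Println(NewClient().CheckRedirect(hop, []*http.Request{first}))
}
```

With this policy a cross-host redirect makes the `/info/refs` request fail with an error, so the redirected location is never adopted as the endpoint; same-origin redirects (for example to a different path) still succeed.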