Unknown · GitForge.jl · CVE-2025-52569
Name of the Vulnerable Software and Affected Versions:
GitForge.jl versions prior to 5.9.1
Description:
The issue stems from a lack of input validation for user-provided values in certain functions. Specifically, in the `GitHub.repo()` function, the `repo name` field accepts any string, which is then sent directly to the server without validation or safe encoding. This allows path traversal sequences such as `../` to be included in the input, potentially reaching unintended endpoints on `api.github.com`.
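The two builders below illustrate the advisory's point in Julia; this is an added example, not GitForge.jl's own code. The function names `unsafe_repo_url`, `safe_repo_url`, `normalize_path` and the allow-list regex are assumptions: the first mirrors the unchecked interpolation the advisory describes, the second rejects any segment outside a conservative character set before the URL is built, and the normaliser shows which endpoint the unchecked URL actually resolves to.

```julia
const API_BASE = "https://api.github.com"

# Pre-5.9.1 pattern described in the advisory: the caller-supplied `repo`
# lands in the request path unchanged.
unsafe_repo_url(owner::AbstractString, repo::AbstractString) =
    "$API_BASE/repos/$owner/$repo"

# Assumed allow-list for one path segment (stricter than GitHub's naming
# rules, never looser); "." and ".." match the charset but are rejected.
const SEGMENT_RE = r"^[A-Za-z0-9._-]{1,100}$"

valid_segment(s::AbstractString) =
    occursin(SEGMENT_RE, s) && s != "." && s != ".."

# Hardened form: every user-controlled segment is checked before joining.
function safe_repo_url(owner::AbstractString, repo::AbstractString)
    for (label, seg) in (("owner", owner), ("repo", repo))
        valid_segment(seg) ||
            throw(ArgumentError("refusing unsafe $label segment: $(repr(seg))"))
    end
    return "$API_BASE/repos/$owner/$repo"
end

# Resolve "." and ".." as a server would, to show which endpoint the
# unchecked URL actually reaches.
function normalize_path(url::AbstractString)
    m = match(r"^(https?://[^/]+)(/.*)?$", url)
    m === nothing && throw(ArgumentError("expected an absolute http(s) URL"))
    base, path = m.captures[1], something(m.captures[2], "/")
    out = String[]
    for seg in split(path, '/'; keepempty=false)
        seg == "." && continue
        seg == ".." ? (isempty(out) || pop!(out)) : push!(out, String(seg))
    end
    return base * "/" * join(out, "/")
end

# Constructed inputs: two ordinary names and one traversal attempt.
for repo in ("Hello-World", ".github", "../../user")
    raw = unsafe_repo_url("octocat", repo)
    println("unchecked: ", raw, "  ->  ", normalize_path(raw))
    try
        println("validated: ", safe_repo_url("octocat", repo))
    catch err
        println("validated: rejected (", sprint(showerror, err), ")")
    end
end
```

The traversal input escapes the `/repos/` prefix entirely once the server resolves `..`, which is exactly why the check has to run on each segment before the path is assembled rather than on the finished URL.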
Recommendations:
For versions prior to 5.9.1, upgrade immediately to v5.9.1 or later to receive a patch.
As a temporary workaround, consider restricting the use of the `GitHub.repo()` function until you can upgrade to a patched version.
Ensure that values passed in the `repo name` field do not contain path traversal patterns such as `../`, to minimize the risk of exploitation.