PT-2025-31443 · Gitproxy · Git-Proxy
Dgl · Published 2025-07-30 · Updated 2025-07-31
CVE-2025-54584
CVSS v4.0: 7.0 (High)
Vector: AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions
GitProxy versions 1.19.1 and below
Description
GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.ts file. Embedding a misleading PACK signature within commit content and carefully constructing the packet structure can trick the parser into treating invalid data as the packfile, potentially allowing approval to be bypassed or commits to be hidden.
Recommendations
Update to version 1.19.2 or later.
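The description above turns on how a parser locates the packfile inside a push request. The following added example (not GitProxy's code, and not a reproduction of the crafted input) contrasts a signature search with framing-aware parsing on a simplified receive-pack body; the function names, the sample ref name and all sample bytes are assumptions constructed for illustration.

```typescript
// Added illustration: simplified receive-pack body model, not GitProxy's parsePush.ts.
const SIG = [0x50, 0x41, 0x43, 0x4b]; // "PACK"

function toBytes(s: string): number[] {
  const out: number[] = [];
  for (let i = 0; i < s.length; i++) out.push(s.charCodeAt(i) & 0xff);
  return out;
}

// pkt-line: 4 hex digits giving total length (header included), then payload.
function pktLine(payload: string): number[] {
  return toBytes(("0000" + (payload.length + 4).toString(16)).slice(-4) + payload);
}

const sigAt = (buf: number[], i: number): boolean => SIG.every((b, k) => buf[i + k] === b);

// Fragile: treats the first "PACK" byte run anywhere in the body as the packfile.
function naivePackOffset(buf: number[]): number {
  for (let i = 0; i + 4 <= buf.length; i++) if (sigAt(buf, i)) return i;
  return -1;
}

// Framing-aware: walk pkt-lines to the flush-pkt ("0000"), then require a
// well-formed pack header (signature + version 2 or 3) at exactly that offset.
// Assumption: no push-options section follows the command list.
function framedPackOffset(buf: number[]): number {
  let pos = 0;
  while (pos + 4 <= buf.length) {
    const hdr = String.fromCharCode(...buf.slice(pos, pos + 4));
    if (!/^[0-9a-fA-F]{4}$/.test(hdr)) throw new Error("bad pkt-line length at " + pos);
    const len = parseInt(hdr, 16);
    if (len === 0) {
      const p = pos + 4; // first byte after the flush-pkt
      const versionOk = buf[p + 4] === 0 && buf[p + 5] === 0 && buf[p + 6] === 0 &&
        (buf[p + 7] === 2 || buf[p + 7] === 3);
      if (p + 12 > buf.length || !sigAt(buf, p) || !versionOk)
        throw new Error("no valid pack header after flush-pkt");
      return p;
    }
    if (len < 4 || pos + len > buf.length) throw new Error("bad pkt-line length at " + pos);
    pos += len;
  }
  throw new Error("flush-pkt not found");
}

// Constructed sample: one ref update whose name contains "PACK", then a
// header-only pack (version 2, zero objects; trailer omitted).
function sampleRequest(): number[] {
  const oid = (c: string): string => new Array(41).join(c);
  const cmd = oid("0") + " " + oid("a") + " refs/heads/PACK-notes\0 report-status\n";
  return pktLine(cmd).concat(toBytes("0000"), SIG, [0, 0, 0, 2, 0, 0, 0, 0]);
}
```

On the sample, the search returns an offset inside the command line, while the framing-aware parser returns the offset immediately after the flush-pkt and rejects bodies with no valid header there.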
Affected Products
Git-Proxy