- Description
- Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), an argument injection is possible in the `gettreesha()` function. This can then lead to a potential remote code execution. Users should upgrade immediately to v1.9.5 to receive a patch. All prior versions are vulnerable. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-88
Warning: Two high-rated injection vulnerabilities in the Registrator app for #JuliaPackages. #CVE-2025-52480 and #CVE-2025-52483 CVSS:8.1. Both vulnerabilities can be exploited to achieve remote code execution #RCE! https://t.co/1NxMmThp3m #Patch #Patch #Patch
@CCBalert
1 Jul 2025
CVE-2025-52480 Argument Injection Vulnerability in Registrator GitHub App Before 1.9.5 https://t.co/0NcJ5XZqmM
@VulmonFeeds
25 Jun 2025
CVE-2025-52480 Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL… https://t.co/G4N1fwPyd4
@CVEnew
25 Jun 2025