- Description
- Registrator is a GitHub app that automates creation of registration pull requests for Julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), a shell script injection can occur within the `withpasswd` function. Alternatively, an argument injection is possible in the `gettreesha` function. Either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. All prior versions are vulnerable. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-77
- Hype score
- Not currently trending
Warning: Two high-rated injection vulnerabilities in the Registrator app for #JuliaPackages. #CVE-2025-52480 and #CVE-2025-52483 CVSS:8.1. Both vulnerabilities can be exploited to achieve remote code execution #RCE! https://t.co/1NxMmThp3m #Patch #Patch #Patch
@CCBalert
1 Jul 2025
CVE-2025-52483 GitHub Registrator Shell Injection Vulnerability Leading to Remote Code Execution https://t.co/XCTtkCLBEG
@VulmonFeeds
25 Jun 2025
CVE-2025-52483 Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL… https://t.co/CTwSEdkjCn
@CVEnew
25 Jun 2025