Lucene search
MitreCVELIST:CVE-2023-40267HistoryAug 11, 2023 - 12:00 a.m.
CVE-2023-40267
2023-08-1100:00:00
mitre
www.cve.org
9
gitpython
insecure
clone
options
incomplete fix
cve-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
References
github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd
github.com/gitpython-developers/GitPython/pull/1609
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/
Related
openvas
openvas
Fedora: Security Advisory for GitPython (FEDORA-2023-26116901d9)
2023-08-25 00:00:00
Fedora: Security Advisory for GitPython (FEDORA-2023-1ec4e542f9)
2023-08-23 00:00:00
Debian: Security Advisory (DLA-3502-1)
2023-07-26 00:00:00
osv
osv
python-git - security update
2023-07-25 00:00:00
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
2023-08-11 09:30:36
CVE-2023-40267
2023-08-11 07:15:09
alpinelinux
alpinelinux
CVE-2023-40267
2023-08-11 07:15:09
fedora
fedora
[SECURITY] Fedora 37 Update: GitPython-3.1.32-1.fc37
2023-08-25 00:43:08
[SECURITY] Fedora 38 Update: GitPython-3.1.32-1.fc38
2023-08-22 17:17:47
[SECURITY] Fedora 37 Update: GitPython-3.1.30-1.fc37
2023-01-04 01:25:25
nvd
nvd
CVE-2023-40267
2023-08-11 07:15:09
CVE-2022-24439
2022-12-06 05:15:11
debiancve
debiancve
CVE-2023-40267
2023-08-11 07:15:09
CVE-2022-24439
2022-12-12 01:49:10
github
github
veracode
veracode
Remote Code Execution (RCE)
2023-08-14 05:13:15
Remote Code Execution (RCE)
2022-12-11 03:40:58
nessus
nessus
Fedora 38 : GitPython (2023-1ec4e542f9)
2023-08-22 00:00:00
Fedora 37 : GitPython (2023-26116901d9)
2023-08-25 00:00:00
cve
cve
CVE-2023-40267
2023-08-11 07:15:09
CVE-2022-24439
2022-12-12 01:49:10
ubuntucve
ubuntucve
CVE-2023-40267
2023-08-11 00:00:00
CVE-2022-24439
2022-12-06 00:00:00
gitlab
gitlab
Improper Input Validation
2023-08-11 00:00:00
prion
prion
Code injection
2023-08-11 07:15:00
Design/Logic Flaw
2022-12-06 05:15:00
redhatcve
redhatcve
CVE-2023-40267
2023-08-22 17:50:49
CVE-2022-24439
2022-12-07 15:01:17
redhat
redhat
(RHSA-2023:4991) Low: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update
2023-09-06 12:59:39
(RHSA-2023:4971) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2023-09-05 11:43:37
(RHSA-2023:5931) Important: Satellite 6.13.5 Async Security Update
2023-10-19 12:48:52
redos
redos
ROS-20240611-13
2024-06-11 00:00:00
ROS-20240611-16
2024-06-11 00:00:00
ubuntu
ubuntu
GitPython vulnerability
2023-08-31 00:00:00
GitPython vulnerability
2023-03-22 00:00:00
mageia
mageia
Updated python-gitpython packages fix security vulnerability
2023-01-13 20:37:09
debian
debian
[SECURITY] [DLA 3502-1] python-git security update
2023-07-25 10:13:20
cvelist
cvelist
CVE-2022-24439 Remote Code Execution (RCE)
2022-12-12 01:49:10
gentoo
gentoo
GitPython: Code Execution via Crafted Input
2023-11-01 00:00:00
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
ibm
ibm