Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-C79972871E529E661C71347DA10DB6DCHistoryDec 06, 2022 - 12:00 a.m.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
2022-12-0600:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
16
vulnerability
gitpython
remote code execution
os command injection
input validation
rce
library
exploiting
0.011 Low
EPSS
Percentile
84.2%
All versions of package gitpython is vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pypi/gitpython | lt | 3.1.30 |
Related
veracode
veracode
Remote Code Execution (RCE)
2022-12-11 03:40:58
Remote Code Execution (RCE)
2023-08-14 05:13:15
osv
osv
python-git vulnerability
2023-03-22 15:02:15
GitPython vulnerable to Remote Code Execution due to improper user input validation
2022-12-06 06:30:17
CVE-2022-24439
2022-12-06 05:15:11
openvas
openvas
Ubuntu: Security Advisory (USN-5968-1)
2023-03-23 00:00:00
Fedora: Security Advisory for GitPython (FEDORA-2022-ce7369b9ec)
2023-01-09 00:00:00
Fedora: Security Advisory for GitPython (FEDORA-2022-8146a727a8)
2023-01-09 00:00:00
redhatcve
redhatcve
CVE-2022-24439
2022-12-07 15:01:17
gentoo
gentoo
GitPython: Code Execution via Crafted Input
2023-11-01 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: GitPython-3.1.30-1.fc36
2023-01-07 01:14:10
[SECURITY] Fedora 37 Update: GitPython-3.1.30-1.fc37
2023-01-04 01:25:25
[SECURITY] Fedora 38 Update: GitPython-3.1.32-1.fc38
2023-08-22 17:17:47
github
github
cve
cve
CVE-2022-24439
2022-12-06 05:15:11
CVE-2023-40267
2023-08-11 07:15:09
nessus
nessus
Debian DLA-3502-1 : python-git - LTS security update
2023-07-25 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)
2023-03-22 00:00:00
GLSA-202311-01 : GitPython: Code Execution via Crafted Input
2023-11-01 00:00:00
nvd
nvd
CVE-2022-24439
2022-12-06 05:15:11
CVE-2023-40267
2023-08-11 07:15:09
debian
debian
[SECURITY] [DLA 3502-1] python-git security update
2023-07-25 10:13:20
redos
redos
ROS-20240611-16
2024-06-11 00:00:00
mageia
mageia
Updated python-gitpython packages fix security vulnerability
2023-01-13 20:37:09
prion
prion
Design/Logic Flaw
2022-12-06 05:15:00
Code injection
2023-08-11 07:15:00
ubuntu
ubuntu
GitPython vulnerability
2023-03-22 00:00:00
cvelist
cvelist
CVE-2022-24439 Remote Code Execution (RCE)
2022-12-06 00:00:00
CVE-2023-40267
2023-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2022-24439
2022-12-06 00:00:00
CVE-2023-40267
2023-08-11 00:00:00
debiancve
debiancve
CVE-2022-24439
2022-12-06 05:15:11
CVE-2023-40267
2023-08-11 07:15:09
alpinelinux
alpinelinux
CVE-2023-40267
2023-08-11 07:15:09
gitlab
gitlab
Improper Input Validation
2023-08-11 00:00:00
redhat
redhat
(RHSA-2023:5931) Important: Satellite 6.13.5 Async Security Update
2023-10-19 12:48:52
ibm
ibm