All versions of package gitpython is vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
CPE | Name | Operator | Version |
---|---|---|---|
pypi/gitpython | lt | 3.1.30 |