Lucene search
K

20 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in python-git

GitPython before version 3.1.32 does not prevent the use of insecure non-multi options in clone and clonefrom commands. NOTE: This issue exists due to an incomplete fix for CVE-2022-24439...

9.8CVSS8.2AI score0.00984EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0085

Malicious code in bioql PyPI...

9.8CVSS8.6AI score0.00984EPSS
Exploits0References10
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/07 12:0 a.m.7 views

python311-GitPython-3.1.44-1.1 on GA media (moderate)

python311-GitPython-3.1.44-1.1 on GA media Announcement ID: openSUSE-SU-2025:14858-1 Rating: moderate Cross-References: CVE-2022-24439 CVSS scores: CVE-2022-24439 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...

8.1CVSS7.8AI score0.05378EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.14 views

Fedora 37 : GitPython (2022-8146a727a8)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-8146a727a8 advisory. Latest upstream release with fix for CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisor...

9.8CVSS8.2AI score0.05378EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.27 views

GLSA-202311-01 : GitPython: Code Execution via Crafted Input

The remote host is affected by the vulnerability described in GLSA-202311-01 GitPython: Code Execution via Crafted Input - All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted...

9.8CVSS8.2AI score0.05378EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/08/22 12:0 a.m.37 views

Fedora 38 : GitPython (2023-1ec4e542f9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

9.8CVSS8.2AI score0.05378EPSS
Exploits1References3
Veracode
Veracode
added 2023/08/14 5:13 a.m.38 views

Remote Code Execution (RCE)

GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...

9.8CVSS7.5AI score0.05378EPSS
Exploits1References7Affected Software4
OSV
OSV
added 2023/08/11 9:30 a.m.8 views

GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...

9.8CVSS6AI score0.00984EPSS
Exploits0References10
Prion
Prion
added 2023/08/11 7:15 a.m.31 views

Code injection

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

7.5CVSS9.4AI score0.05378EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/11 7:15 a.m.3 views

UBUNTU-CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

9.8CVSS7.2AI score0.00984EPSS
Exploits0References6
OSV
OSV
added 2023/08/11 12:0 a.m.47 views

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

9.8CVSS7.3AI score0.00984EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.25 views

Debian dla-3502 : python-git - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3502 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3502-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS7.9AI score0.05378EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.43 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...

9.8CVSS8.6AI score0.05378EPSS
Exploits1References2
Mageia
Mageia
added 2023/01/13 5:37 p.m.82 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8CVSS3.5AI score0.05378EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/01/09 12:0 a.m.35 views

Fedora: Security Advisory for GitPython (FEDORA-2022-ce7369b9ec)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.05378EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/12 1:49 a.m.64 views

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

8.1CVSS9.8AI score0.05378EPSS
Exploits1References8
CVE
CVE
added 2022/12/12 1:49 a.m.364 views

CVE-2022-24439

GitPython (Python library for interacting with Git) is affected by an RCE vulnerability in clone/clone_from prior to version 3.1.32 due to improper sanitization of user input in non-multi options. The issue allows injecting a malicious remote URL into the clone command because external git calls ...

9.8CVSS9AI score0.05378EPSS
Exploits1References9Affected Software1
Circl
Circl
added 2022/12/06 10:12 a.m.11 views

CVE-2022-24439

creationtimestamp| type| source ---|---|--- 2022-12-06 10:12:31+00:00| seen| https://t.me/cibsecurity/54046 2023-08-11 14:46:53+00:00| seen| https://t.me/cibsecurity/68331 2024-10-08 03:27:19+00:00| published-proof-of-concept| https://t.me/HackingInsights/15363...

9.8CVSS8.5AI score0.05378EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/12/06 6:30 a.m.5 views

aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)

gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:GHSA-HCPJ-QP55-GFPH...

9.8CVSS7.7AI score0.05378EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/11/13 12:55 p.m.4 views

aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)

gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: SNYK:PYTHON-GITPYTHON-3113858...

9.8CVSS7.7AI score0.05378EPSS
Exploits1
Rows per page
Query Builder