20 matches found
Astra Linux – Vulnerability in python-git
GitPython before version 3.1.32 does not prevent the use of insecure non-multi options in clone and clonefrom commands. NOTE: This issue exists due to an incomplete fix for CVE-2022-24439...
EUVD-2023-0085
Malicious code in bioql PyPI...
python311-GitPython-3.1.44-1.1 on GA media (moderate)
python311-GitPython-3.1.44-1.1 on GA media Announcement ID: openSUSE-SU-2025:14858-1 Rating: moderate Cross-References: CVE-2022-24439 CVSS scores: CVE-2022-24439 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...
Fedora 37 : GitPython (2022-8146a727a8)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-8146a727a8 advisory. Latest upstream release with fix for CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisor...
GLSA-202311-01 : GitPython: Code Execution via Crafted Input
The remote host is affected by the vulnerability described in GLSA-202311-01 GitPython: Code Execution via Crafted Input - All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted...
Fedora 38 : GitPython (2023-1ec4e542f9)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...
GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...
Code injection
GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...
UBUNTU-CVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...
CVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...
Debian dla-3502 : python-git - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3502 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3502-1 [email protected] https://www.debian.org/lts/security/...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...
Updated python-gitpython packages fix security vulnerability
Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...
Fedora: Security Advisory for GitPython (FEDORA-2022-ce7369b9ec)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-24439 Remote Code Execution (RCE)
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
CVE-2022-24439
GitPython (Python library for interacting with Git) is affected by an RCE vulnerability in clone/clone_from prior to version 3.1.32 due to improper sanitization of user input in non-multi options. The issue allows injecting a malicious remote URL into the clone command because external git calls ...
CVE-2022-24439
creationtimestamp| type| source ---|---|--- 2022-12-06 10:12:31+00:00| seen| https://t.me/cibsecurity/54046 2023-08-11 14:46:53+00:00| seen| https://t.me/cibsecurity/68331 2024-10-08 03:27:19+00:00| published-proof-of-concept| https://t.me/HackingInsights/15363...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:GHSA-HCPJ-QP55-GFPH...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: SNYK:PYTHON-GITPYTHON-3113858...