17 matches found
EUVD-2024-0062
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-22190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted...
CVE-2024-22190
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
Design/Logic Flaw
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
CVE-2024-22190
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
PYSEC-2024-4
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
PYSEC-2024-4
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
CVE-2024-22190
CVE-2024-22190 (GitPython) affects GitPython, where an incomplete fix for CVE-2023-40590 leaves an untrusted search path risk on Windows when a shell is used to run git or when bash.exe is used to interpret hooks. The issue can allow a malicious git.exe or bash.exe from an untrusted repository to...
CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
SUSE CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
agixt (>=1.2.3 <=1.3.129), aicrowd-cli (>=0.1.8 <=0.1.15) +540 more potentially affected by CVE-2023-40590 via gitpython (>=0.3.4 <=3.1.32)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40590 Source advisory: OSV:GHSA-WFM5-V35H-VWF4...
agixt (>=1.2.3 <=1.3.129), aicrowd-cli (>=0.1.8 <=0.1.15) +540 more potentially affected by CVE-2023-40590 via gitpython (>=0.3.4 <=3.1.32)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40590 Source advisory: OSV:PYSEC-2023-161...
CVE-2023-40590
GitPython (CVE-2023-40590) on Windows can execute a malicious git.exe/git in the current repository when GitPython runs git via a shell or when hooks use bash.exe, enabling arbitrary code execution. A patch exists: GitPython 3.1.41 (and advisories note this incomplete fix was addressed). Mitigati...
CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
CVE-2023-40590
creationtimestamp| type| source ---|---|--- 2023-08-26 07:04:12+00:00| published-proof-of-concept| https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 2023-08-28 22:16:57+00:00| seen| https://t.me/cibsecurity/69311 2024-01-19 10:29:47+00:00| seen|...