Linux Distros Unpatched Vulnerability : CVE-2023-40267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-2443...

RHEL 7 : gitpython (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GitPython: Insecure non-multi options in clone and clonefrom is not blocked CVE-2023-40267 - GitPython is...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Low) (RHSA-2023:4991)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4991 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:4971)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4971 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

Ubuntu: Security Advisory (USN-6326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : GitPython vulnerability (USN-6326-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6326-1 advisory. It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker cou...

Fedora 38 : GitPython (2023-1ec4e542f9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVE-2023-40267

creationtimestamp| type| source ---|---|--- 2023-08-11 14:46:53+00:00| seen| https://t.me/cibsecurity/68331...

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +524 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:GHSA-PR76-5CM5-W9CJ...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +524 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:PYSEC-2023-137...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVE-2023-40267

GitPython vulnerability CVE-2023-40267 affects versions before 3.1.32, where insecure non-multi options in clone and clone_from are not blocked. This arises as a follow-up to an incomplete fix for CVE-2022-24439. The issue enables Remote Code Execution via crafted or insecure remote URLs used in ...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...