28 matches found
agixt (>=1.2.3 <=1.3.155), aicrowd-cli (>=0.1.8 <=0.1.15) +592 more potentially affected by CVE-2024-22190 via gitpython (>=0.3.4 <=3.1.40)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.1b0, =0.0.3, =6.1.3, =0.0.3, =0.0.5rc2 - apache-liminal-test-spark =0.0.0 and more Source cves: CVE-2024-22190 Source advisory: OSV:GHSA-2MQJ-M65W-JGHX...
USN-6326-1 python-git vulnerability
It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...
USN-6326-1: GitPython vulnerability
It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...
agixt (>=1.2.3 <=1.3.129), aicrowd-cli (>=0.1.8 <=0.1.15) +538 more potentially affected by CVE-2023-40590 via gitpython (>=0.3.4 <=3.1.32)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40590 Source advisory: OSV:PYSEC-2023-161...
agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +521 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:GHSA-PR76-5CM5-W9CJ...
agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +521 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:PYSEC-2023-137...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...
PYSEC-2022-42992
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...