279 matches found
CVE-2024-22190
GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
agixt (>=1.2.3 <=1.3.155), aicrowd-cli (>=0.1.8 <=0.1.15) +592 more potentially affected by CVE-2024-22190 via gitpython (>=0.3.4 <=3.1.40)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.1b0, =0.0.3, =6.1.3, =0.0.3, =0.0.5rc2 - apache-liminal-test-spark =0.0.0 and more Source cves: CVE-2024-22190 Source advisory: OSV:PYSEC-2024-4...
CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution
GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on...
CVE-2024-22190
CVE-2024-22190 (GitPython) affects GitPython, where an incomplete fix for CVE-2023-40590 leaves an untrusted search path risk on Windows when a shell is used to run git or when bash.exe is used to interpret hooks. The issue can allow a malicious git.exe or bash.exe from an untrusted repository to...
GitPython Code Issues Vulnerabilities
GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A code issue vulnerability exists in GitPython 3.1.40 and earlier versions that stems from allowing an attacker to execute arbitrary code via an untrusted search path...
agixt (>=1.2.3 <=1.3.155), aicrowd-cli (>=0.1.8 <=0.1.15) +592 more potentially affected by CVE-2024-22190 via gitpython (>=0.3.4 <=3.1.40)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.1b0, =0.0.3, =6.1.3, =0.0.3, =0.0.5rc2 - apache-liminal-test-spark =0.0.0 and more Source cves: CVE-2024-22190 Source advisory: OSV:GHSA-2MQJ-M65W-JGHX...
Untrusted search path under some conditions on Windows allows arbitrary code execution
Summary: This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may b...
GHSA-2MQJ-M65W-JGHX Untrusted search path under some conditions on Windows allows arbitrary code execution
Summary: This issue exists because of an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may b...
PT-2024-1236 · Pypi +1 · Gitpython +1
Name of the Vulnerable Software and Affected Versions: GitPython versions prior to 3.1.41 Description: The issue is related to the use of an untrusted search path in GitPython, a Python library for interacting with Git repositories. This could allow an attacker to execute arbitrary code with...
GitPython: Blind local file inclusion
A path traversal vulnerability was found in GitPython due to an input validation error when reading from the ".git" directory. This issue may allow a remote attacker to prepare a specially crafted ".git" file with directory traversal characters in file names and force the application to read thes...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: Code Execution via Crafted Input
Background: GitPython is a Python library used to interact with Git repositories. Description: Please review the CVE identifier referenced below for details. Impact: An attacker may be able to trigger Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject ...
GLSA-202311-01 : GitPython: Code Execution via Crafted Input
The remote host is affected by the vulnerability described in GLSA-202311-01 GitPython: Code Execution via Crafted Input - All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted...
CVE-2023-41040
A path traversal vulnerability was found in GitPython due to an input validation error when reading from the ".git" directory. This issue may allow a remote attacker to prepare a specially crafted ".git" file with directory traversal characters in file names and force the application to read thes...
GitPython: improper user input validation leads into a RCE
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...