279 matches found
Debian dla-3589 : python-git - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3589 advisory. Debian LTS Advisory DLA-3589-1 https://www.debian.org/lts/security/...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0271-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0271-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0259-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0259-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
Security update for python-GitPython (moderate)
openSUSE Security Update: Security update for python-GitPython Announcement ID: openSUSE-SU-2023:0271-1 Rating: moderate References: 1214810 Cross-References: CVE-2023-41040 CVSS scores: CVE-2023-41040 NVD : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-41040 SUSE: 4...
OPENSUSE-SU-2023:0271-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2023-41040: Fixed directory traversal attack vulnerability boo1214810...
OPENSUSE-SU-2023:0259-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2023-41040: Fixed directory traversal attack vulnerability boo1214810...
Security update for python-GitPython (moderate)
openSUSE Security Update: Security update for python-GitPython Announcement ID: openSUSE-SU-2023:0259-1 Rating: moderate References: 1214810 Cross-References: CVE-2023-41040 CVSS scores: CVE-2023-41040 NVD : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-41040 SUSE: 4...
ROS-20230915-13
A vulnerability in the symbolic.py component of GitPython, a Python library for interacting with git repositories, is related to a flaw in the directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected...
OESA-2023-1628 python-GitPython security update
GitPython is a python library used to interact with Git repositories. GitPython provides object model read and write access to your git repository. Access repository information conveniently, alter the index directly, handle remotes, or go down to low-level object database access with big-files...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Path Traversal
gitpython is vulnerable to Path Traversal. The vulnerability exists in the `_get_ref_info_helper` function of symbolic.py because it does not properly validate the local file path, which allows an attacker to access files outside the expected directory...
Arbitrary Code Execution
gitpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly validate the git executable. If a malicious repository packages a git executable, the library will default to using that executable when importing gitpython on Windows. If an attacker tricks ...
SUSE CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
Ubuntu: Security Advisory (USN-6326-1)
The remote host is missing an update for the...
USN-6326-1 python-git vulnerability
It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...
USN-6326-1: GitPython vulnerability
It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : GitPython vulnerability (USN-6326-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6326-1 advisory. It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker cou...
DEBIAN-CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...