279 matches found
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
PYSEC-2023-165
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
UBUNTU-CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
PYSEC-2023-165
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
Directory traversal
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
agixt (>=1.2.3 <=1.3.138), aicrowd-cli (>=0.1.8 <=0.1.15) +540 more potentially affected by CVE-2023-41040 via gitpython (>=0.3.4 <=3.1.34)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-41040 Source advisory: OSV:PYSEC-2023-165...
CVE-2023-41040
CVE-2023-41040 affects the Python Git library GitPython. In some code paths, a user-supplied file name is joined with the repository’s base directory without ensuring the final path stays inside the repo’s .git area, enabling a potential blind local file access scenario. Official descriptions not...
CVE-2023-41040 GitPython blind local file inclusion
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
CVE-2023-41040 GitPython blind local file inclusion
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
CVE-2023-41040 GitPython blind local file inclusion
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...
GHSA-CWVM-V4W8-Q58C GitPython blind local file inclusion
Summary In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git directory. This allows an attacker to make GitPython read any fi...
GitPython blind local file inclusion
Summary In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git directory. This allows an attacker to make GitPython read any fi...
agixt (>=1.2.3 <=1.3.154), aicrowd-cli (>=0.1.8 <=0.1.15) +544 more potentially affected by CVE-2023-41040 via gitpython (>=0.3.4 <=3.1.36)
gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-41040 Source advisory: OSV:GHSA-CWVM-V4W8-Q58C...
SUSE CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython does not check if this file is located outside the .git...
GitPython 路径遍历漏洞
GitPython is a Python library open-sourced by gitpython-developers for interacting with Git repositories. A path traversal vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that in order to resolve some git references, GitPython reads the file .git from a...
PT-2023-4955
Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.37 Description The issue is related to GitPython's handling of file paths when resolving git references. In some cases, the library reads files from the .git directory based on user-provided input without checki...