Fedora: Security Advisory for GitPython (FEDORA-2023-26116901d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for GitPython (FEDORA-2023-1ec4e542f9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-40267

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...

Fedora 38 : GitPython (2023-1ec4e542f9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Remote Code Execution (RCE)

GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...

SUSE CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +521 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:GHSA-PR76-5CM5-W9CJ...

GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

DEBIAN-CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

UBUNTU-CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

Code injection

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

PYSEC-2023-137

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +521 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:PYSEC-2023-137...

PYSEC-2023-137

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVE-2023-40267

GitPython vulnerability CVE-2023-40267 affects versions before 3.1.32, where insecure non-multi options in clone and clone_from are not blocked. This arises as a follow-up to an incomplete fix for CVE-2022-24439. The issue enables Remote Code Execution via crafted or insecure remote URLs used in ...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...