279 matches found
CVE-2022-24439
GitPython (Python library for interacting with Git) is affected by an RCE vulnerability in clone/clone_from prior to version 3.1.32 due to improper sanitization of user input in non-multi options. The issue allows injecting a malicious remote URL into the clone command because external git calls ...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clonefrom function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...
GitPython vulnerable to Remote Code Execution due to improper user input validation
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
GHSA-HCPJ-QP55-GFPH GitPython vulnerable to Remote Code Execution due to improper user input validation
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
DEBIAN-CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
PYSEC-2022-42992
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
PYSEC-2022-42992
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +453 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:PYSEC-2022-42992...
UBUNTU-CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
All versions of package gitpython is vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...
GitPython 输入验证错误漏洞
GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A security vulnerability exists in GitPython that stems from incorrect user input validation and can be exploited by an attacker to remotely execute code...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +453 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: SNYK:PYTHON-GITPYTHON-3113858...
Remote Code Execution (RCE)
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting...
Inefficient Regular Expression Complexity in gitpython-developers/gitpython
Description In the latest version of GitPython cd29f07b I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service Proof of Concept PoC based on code in git/remote.py Python import logging import re logging.basicConfigformat='%asctimes - %levelnames:...
Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...
Leakage Of Environment Variables
gitPython is vulnerable to the leakage of environment variables. The leakage happens through error messages because it does not use the unsafe variable in the expandpath method. The unsafe variable should be set to False to prevent this. However, the variable is set to True by default...