Lucene search
+L

44 matches found

snyk
snyk
added 2026/05/24 7:45 a.m.8 views

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

8.5CVSS7.8AI score0.00298EPSS
Exploits0References2
redos
redos
added 2024/06/11 12:0 a.m.23 views

ROS-20240611-16

A vulnerability in the gitpython package is related to external git calls without sufficiently cleaning up input arguments. Exploitation of the vulnerability could allow an attacker acting remotely to inject a malicious remote URL into a clone command...

9.8CVSS6.7AI score0.05378EPSS
Exploits1
susecve
susecve
added 2023/11/22 12:13 a.m.4 views

SUSE CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

3.3CVSS6.8AI score0.00476EPSS
Exploits0References8
redhat
redhat
added 2023/10/19 1:15 p.m.15 views

GitPython: improper user input validation leads into a RCE

A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...

9.8CVSS7.8AI score0.05378EPSS
Exploits1References5
bdu_fstec
bdu_fstec
added 2023/09/05 12:0 a.m.11 views

The vulnerability of the clone/clone_from components in the Python library for interacting with Git repositories in GitPython allows a malicious actor to execute arbitrary code.

The vulnerability of the clone/clonefrom components in the Python library for interacting with Git repositories in GitPython is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted URL address...

10CVSS8.2AI score0.00984EPSS
Exploits0References9Affected Software6
osv
osv
added 2023/03/22 3:2 p.m.6 views

USN-5968-1 python-git vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

9.8CVSS7.3AI score0.05378EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 5:24 a.m.5 views

SUSE CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

7.5CVSS7.7AI score0.04169EPSS
Exploits1References5
mageia
mageia
added 2023/01/13 5:37 p.m.82 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

9.8CVSS3.5AI score0.05378EPSS
Exploits1References3
cvelist
cvelist
added 2022/12/12 1:49 a.m.66 views

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

8.1CVSS9.8AI score0.05378EPSS
Exploits1References8
redhatcve
redhatcve
added 2022/12/07 3:1 p.m.42 views

CVE-2022-24439

A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...

9.8CVSS4AI score0.05378EPSS
Exploits1References4
github
github
added 2022/12/06 6:30 a.m.43 views

GitPython vulnerable to Remote Code Execution due to improper user input validation

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS3.9AI score0.05378EPSS
Exploits1References20Affected Software1
osv
osv
added 2022/12/06 5:15 a.m.28 views

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

8.1CVSS7.4AI score0.05378EPSS
Exploits1References11
pypa
pypa
added 2022/12/06 5:15 a.m.9 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.7AI score0.05378EPSS
Exploits1References8Affected Software1
osv
osv
added 2022/12/06 5:15 a.m.12 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.3AI score0.05378EPSS
Exploits1References8
osv
osv
added 2022/12/06 5:15 a.m.6 views

UBUNTU-CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.3AI score0.05378EPSS
Exploits1References6
ubuntucve
ubuntucve
added 2022/12/06 5:15 a.m.87 views

CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

9.8CVSS7.2AI score0.05378EPSS
Exploits1References5
osv
osv
added 2022/05/14 2:5 a.m.7 views

GHSA-3PMW-H7J4-RF54 Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

9.8CVSS9.5AI score0.04169EPSS
Exploits1References8
prion
prion
added 2022/04/01 6:15 p.m.12 views

Command injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

7.5CVSS9.9AI score0.01781EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/04/01 5:35 p.m.19 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS7.2AI score0.01781EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/04/01 12:0 a.m.4 views

cocoapods-downloader 参数注入漏洞

cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

9.8CVSS5.8AI score0.01781EPSS
Exploits0References3
Rows per page
Query Builder