42 matches found

Redos | added 2024/06/11 12:00 a.m. | 16 views

ROS-20240611-16

A vulnerability in the gitpython package is related to external git calls without sufficiently cleaning up input arguments. Exploitation of the vulnerability could allow an attacker acting remotely to inject a malicious remote URL into a clone command...

CVSS 9.8 | AI score 6.7 | EPSS 0.68859
Exploits 1
SUSE CVE | added 2023/11/22 12:13 a.m. | 1 view

SUSE CVE-2023-5752

When installing a package from a Mercurial VCS URL, i.e. "pip install hg+...", with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call, i.e. "--config". Controlling the Mercurial configuration can modify how and which...

CVSS 3.3 | AI score 6.8 | EPSS 0.00075
Exploits 0 | References 8
RedHat Linux | added 2023/10/19 1:15 p.m. | 7 views

GitPython: improper user input validation leads into a RCE

A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...

CVSS 9.8 | AI score 7.8 | EPSS 0.68859
Exploits 1 | References 5
OSV | added 2023/03/22 3:02 p.m. | 0 views

USN-5968-1 python-git vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8 | AI score 7.3 | EPSS 0.68859
Exploits 1 | References 2
SUSE CVE | added 2023/02/15 5:24 a.m. | 2 views

SUSE CVE-2014-9462

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 7.5 | AI score 7.7 | EPSS 0.01129
Exploits 1 | References 5
Mageia | added 2023/01/13 5:37 p.m. | 75 views

Updated python-gitpython packages fix security vulnerability

Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

CVSS 9.8 | AI score 3.5 | EPSS 0.68859
Exploits 1 | References 3
Cvelist | added 2022/12/12 1:49 a.m. | 27 views

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 8.1 | AI score 9.8 | EPSS 0.68859
Exploits 1 | References 8
RedhatCVE | added 2022/12/07 3:01 p.m. | 36 views

CVE-2022-24439

A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...

CVSS 9.8 | AI score 4 | EPSS 0.68859
Exploits 1 | References 4
Github Security Blog | added 2022/12/06 6:30 a.m. | 39 views

GitPython vulnerable to Remote Code Execution due to improper user input validation

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 3.9 | EPSS 0.68859
Exploits 1 | References 20 | Affected software 1
OSV | added 2022/12/06 5:15 a.m. | 21 views

CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 9.6
Exploits 0 | References 9
UbuntuCve | added 2022/12/06 5:15 a.m. | 78 views

CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 7.2 | EPSS 0.68859
Exploits 1 | References 5
OSV | added 2022/12/06 5:15 a.m. | 0 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 7.3 | EPSS 0.68859
Exploits 1 | References 4
PyPA | added 2022/12/06 5:15 a.m. | 5 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 7.7 | EPSS 0.68859
Exploits 1 | References 7 | Affected software 1
OSV | added 2022/12/06 5:15 a.m. | 1 view

UBUNTU-CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 7.3 | EPSS 0.68859
Exploits 1 | References 6
OSV | added 2022/05/14 2:05 a.m. | 6 views

GHSA-3PMW-H7J4-RF54 Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command

The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command...

CVSS 9.8 | AI score 9.5 | EPSS 0.01129
Exploits 1 | References 8
OSV | added 2022/04/01 6:15 p.m. | 8 views

CVE-2022-21223

The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When the download function is called using hg, the url and/or revision, tag, or branch is passed to the hg clone command in a way that allows additional flags to be set. The additional flags can...

CVSS 9.8 | AI score 9.9
Exploits 0 | References 2
Prion | added 2022/04/01 6:15 p.m. | 6 views

Command injection

The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When the download function is called using hg, the url and/or revision, tag, or branch is passed to the hg clone command in a way that allows additional flags to be set. The additional flags can...

CVSS 7.5 | AI score 9.9 | EPSS 0.00753
Exploits 0 | References 2 | Affected software 1
CNNVD | added 2022/04/01 12:00 a.m. | 2 views

cocoapods-downloader argument injection vulnerability

cocoapods-downloader is a small library. It is used to download files from remote sources into folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...

CVSS 9.8 | AI score 5.8 | EPSS 0.00753
Exploits 0 | References 3
CNVD | added 2022/03/15 12:00 a.m. | 17 views

libvcs Command Injection Vulnerability

libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...

CVSS 9.8 | AI score 3 | EPSS 0.0128
Exploits 0 | References 1
NVD | added 2022/03/14 6:15 p.m. | 12 views

CVE-2022-21187

The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When the updaterepo function is called using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...

CVSS 9.8 | EPSS 0.0128
Exploits 0 | References 3