13 matches found

Github Security Blog
added 2026/04/25 11:41 p.m. · 6 views

GitPython: Unsafe option check validates multi_options before shlex.split transformation

Summary: clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the...

CVSS 9.8 · AI score 5.6 · EPSS 0.00021
Exploits 1 · References 5 · Affected Software 1
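The ordering flaw described in the GitPython summary above, reproduced as an added example (this is not GitPython's own code): a prefix denylist (the list here is an assumption for illustration) runs over the caller's list as given, and only afterwards does shlex.split() rewrite that list into the argv git actually sees, so one element that starts with a harmless option can smuggle a second option behind a space. The hardened variant runs the same check after the split. A clone-time --config core.hooksPath makes git read the post-checkout hook it runs at the end of the clone from a directory the attacker chose, which is why that option is on the list.

```python
import shlex

# Clone options that let the remote or a caller run arbitrary code.
# ASSUMED denylist for this example, not a copy of GitPython's own list.
UNSAFE_CLONE_OPTIONS = ("--upload-pack", "-u", "--config", "-c")


def is_unsafe_option(token: str) -> bool:
    """A single argv token is unsafe if it begins with a denylisted option."""
    return any(token.startswith(bad) for bad in UNSAFE_CLONE_OPTIONS)


def clone_argv_validate_then_split(multi_options):
    """The flawed ordering from the advisory: check each caller-supplied
    element as given, then expand the list with shlex.split(). An element
    that *starts* with a harmless option can carry more options after a
    space, and those are never checked."""
    for opt in multi_options:
        if is_unsafe_option(opt):
            raise ValueError(f"unsafe clone option: {opt!r}")
    return shlex.split(" ".join(multi_options))


def clone_argv_split_then_validate(multi_options):
    """Hardened ordering: expand first, then check every token git will see.
    The check now runs over exactly the data git receives, so spaces,
    quoting and shell-style escapes inside one element cannot hide an option."""
    argv = shlex.split(" ".join(multi_options))
    for tok in argv:
        if is_unsafe_option(tok):
            raise ValueError(f"unsafe clone option after split: {tok!r}")
    return argv


# Constructed input, taken from the advisory text: the single element starts
# with --branch, so a prefix check on the unexpanded element lets it through.
PAYLOAD = ["--branch main --config core.hooksPath=/x"]


def demo():
    """Return (argv the flawed check hands to git, error raised by the hardened check)."""
    leaked = clone_argv_validate_then_split(PAYLOAD)
    try:
        clone_argv_split_then_validate(PAYLOAD)
        blocked = None
    except ValueError as exc:
        blocked = str(exc)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("flawed check passed argv:", leaked)
    print("hardened check:", blocked)
```

The general rule the example illustrates: validate the value in the form the consumer receives it, after every transformation (joining, splitting, decoding, unquoting), never before.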

NVD
added 2025/10/09 4:15 p.m. · 4 views

CVE-2025-10281

BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL...

CVSS 4.7 · EPSS 0.00031
Exploits 0 · References 1

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-6293

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.3 · EPSS 0.04697
Exploits 1 · References 5

Microsoft CVE
added 2023/01/23 8:00 a.m. · 1 view

Git clone remote code execution vulnerability in git-for-windows

...

CVSS 8.6 · AI score 8.6 · EPSS 0.00722
Exploits 0

Vulnrichment
added 2023/01/17 9:03 p.m. · 8 views

CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

CVSS 8.6 · AI score 9.1 · EPSS 0.00722
Exploits 0 · References 4

vulnersOsv
added 2022/07/02 12:00 a.m. · 2 views

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13402 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)

git-clone NPM versions =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more. Source CVEs: CVE-2022-25900. Source advisory: OSV:GHSA-8JMW-WJR8-2X66...

CVSS 10 · AI score 7.2 · EPSS 0.04697
Exploits 1

NVD
added 2022/07/01 8:15 p.m. · 14 views

CVE-2022-25900

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git...

CVSS 10 · EPSS 0.04697
Exploits 1 · References 2

Positive Technologies
added 2022/07/01 12:00 a.m. · 1 view

PT-2022-17595

Name of the Vulnerable Software and Affected Versions: git-clone (affected versions not specified). Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...

CVSS 10 · AI score 9.6 · EPSS 0.04697
Exploits 1 · References 9

vulnersOsv
added 2022/03/28 10:43 a.m. · 1 view

-llscw-react-cli (>=1.0.0 <=1.1.0-beta2), 002-node-cli (=1.0.0) +13402 more potentially affected by CVE-2022-25900 via git-clone (>=0.0.2 <=0.2.0)

git-clone NPM versions =0.0.2, =1.0.0, =0.0.1, =1.0.0, =1.0.11 and more. Source CVEs: CVE-2022-25900. Source advisory: SNYK:JS-GITCLONE-2434308...

CVSS 10 · AI score 7.2 · EPSS 0.04697
Exploits 1

Snyk
added 2022/03/28 10:43 a.m. · 1 view

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview: git-clone is a package to clone a git repository. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...

CVSS 10 · AI score 6.7 · EPSS 0.04697
Exploits 1 · References 2

OSV
added 2017/10/05 1:29 a.m. · 33 views

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVSS 8.8 · AI score 6.6
Exploits 0 · References 12
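The --upload-pack argument injection in the npm git-clone entries (CVE-2022-25900) and the crafted ssh:// URL of CVE-2017-1000117 are the same class of bug seen from two sides: an untrusted "repository location" is spliced into a command line where a leading dash turns it into an option, once for git itself and once for the ssh it spawns. The following is an added example, not code from either project or from git, of building a git clone argv that refuses both forms; the scheme allowlist, the function names and the sample inputs are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Transports a clone is allowed to use. ASSUMED allowlist for this example;
# remote-helper schemes such as ext:: are deliberately absent.
ALLOWED_SCHEMES = frozenset({"ssh", "git", "http", "https", "file"})


def validate_clone_target(repo: str) -> str:
    """Return repo unchanged if it is safe to give git clone as a positional
    argument; raise ValueError otherwise.

    Two checks. First, the whole argument must not begin with '-', which is
    how '--upload-pack=<cmd>' gets injected when the repository string is
    spliced straight into argv. Second, the hostname must not begin with
    '-', because git hands the host to ssh as ssh's own argument and ssh
    parses a leading '-' as an option; a '--' on the git command line does
    nothing about that second case."""
    if not repo or repo.startswith("-"):
        raise ValueError(f"repository argument looks like an option: {repo!r}")
    parts = urlsplit(repo)
    if parts.scheme:
        if parts.scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"transport not allowed: {parts.scheme!r}")
        host = parts.hostname or ""          # urlsplit lower-cases the host
    else:
        # scp-like syntax: [user@]host:path (or a plain local path, no ':')
        host, sep, path = repo.partition(":")
        host = host.rpartition("@")[2]
        if sep and path.startswith("-"):
            raise ValueError(f"path looks like an option: {path!r}")
    if host.startswith("-"):
        raise ValueError(f"hostname looks like an option: {host!r}")
    return repo


def build_clone_argv(repo: str, dest: str, depth: Optional[int] = None) -> list:
    """argv for subprocess.run(argv): fixed options first, then '--', then the
    positionals. git stops option parsing at '--', so even a dest named
    '--foo' cannot become an option; the URL is validated separately above."""
    argv = ["git", "clone"]
    if depth is not None:
        argv += ["--depth", str(int(depth))]
    argv.append("--")
    argv += [validate_clone_target(repo), dest]
    return argv


def demo():
    """Map each constructed sample input to the argv built or the rejection."""
    samples = [
        "https://example.invalid/org/repo.git",       # ordinary https URL
        "git@example.invalid:org/repo.git",           # scp-like ssh form
        "--upload-pack=touch pwned",                  # option injection
        "ssh://-oProxyCommand=touch%20pwned/repo",    # dash-leading host
        "ext::sh -c touch%20pwned",                   # remote-helper scheme
    ]
    results = {}
    for s in samples:
        try:
            results[s] = build_clone_argv(s, "checkout")
        except ValueError as exc:
            results[s] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for src, outcome in demo().items():
        print(f"{src!r:45} -> {outcome}")
```

Design note: the '--' separator is the right fix for the first bug and is worth adding to any wrapper that shells out to git, but it is not a substitute for checking the host, since git passes the hostname on to ssh as a fresh argument. Current git releases refuse dash-leading hostnames themselves; the check here is for wrappers that may run against older binaries or that want to fail before spawning anything. One side effect of the scheme allowlist is that a Windows drive prefix such as C:\repo parses as a scheme and is rejected, so local paths on Windows need their own handling.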

Prion
added 2017/10/05 1:29 a.m. · 24 views

Security feature bypass

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVSS 6.8 · AI score 7.7 · EPSS 0.70245
Exploits 9 · References 12 · Affected Software 1

AlpineLinux
added 2017/10/04 1:00 a.m. · 43 views

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVSS 8.8 · AI score 8.2 · EPSS 0.70245
Exploits 9