
31 matches found

vulnersOsv
added 2024/01/11 2:15 a.m. | 4 views

agixt (>=1.2.3 <=1.3.155), aicrowd-cli (>=0.1.8 <=0.1.15) +594 more potentially affected by CVE-2024-22190 via gitpython (>=0.3.4 <=3.1.40)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.1b0, =0.0.3, =6.1.3, =0.0.3, =0.0.5rc2 - apache-liminal-test-spark =0.0.0 and more Source cves: CVE-2024-22190 Source advisory: OSV:PYSEC-2024-4...

CVSS 7.8 | AI score 7.2 | EPSS 0.00316
Exploits: 0

vulnersOsv
added 2024/01/10 3:46 p.m. | 4 views

agixt (>=1.2.3 <=1.3.155), aicrowd-cli (>=0.1.8 <=0.1.15) +594 more potentially affected by CVE-2024-22190 via gitpython (>=0.3.4 <=3.1.40)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.1b0, =0.0.3, =6.1.3, =0.0.3, =0.0.5rc2 - apache-liminal-test-spark =0.0.0 and more Source cves: CVE-2024-22190 Source advisory: OSV:GHSA-2MQJ-M65W-JGHX...

CVSS 7.8 | AI score 7.2 | EPSS 0.00316
Exploits: 0

BDU FSTEC
added 2023/09/05 12:00 a.m. | 3 views

The vulnerability of the Python library for interacting with git repositories, GitPython, allows a hacker to execute arbitrary commands.

The vulnerability of the Python library for interacting with git repositories, GitPython, is related to the use of an unreliable search path. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 7.8 | AI score 7.5 | EPSS 0.00465
Exploits: 1 | References: 3 | Affected Software: 1

Ubuntu
added 2023/08/31 6:10 p.m. | 53 views

USN-6326-1: GitPython vulnerability

It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8 | AI score 8.2 | EPSS 0.00984
Exploits: 0

OSV
added 2023/08/31 6:10 p.m. | 5 views

USN-6326-1 python-git vulnerability

It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8 | AI score 7.3 | EPSS 0.00984
Exploits: 0 | References: 2

vulnersOsv
added 2023/08/28 6:15 p.m. | 1 view

agixt (>=1.2.3 <=1.3.129), aicrowd-cli (>=0.1.8 <=0.1.15) +541 more potentially affected by CVE-2023-40590 via gitpython (>=0.3.4 <=3.1.32)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40590 Source advisory: OSV:PYSEC-2023-161...

CVSS 7.8 | AI score 7.2 | EPSS 0.00465
Exploits: 1

vulnersOsv
added 2023/08/11 9:30 a.m. | 2 views

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +524 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:GHSA-PR76-5CM5-W9CJ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00984
Exploits: 0

vulnersOsv
added 2023/08/11 7:15 a.m. | 4 views

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +524 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:PYSEC-2023-137...

CVSS 9.8 | AI score 7.7 | EPSS 0.00984
Exploits: 0

Tenable Nessus
added 2023/03/22 12:00 a.m. | 43 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...

CVSS 9.8 | AI score 8.6 | EPSS 0.05378
Exploits: 1 | References: 2

vulnersOsv
added 2022/12/06 6:30 a.m. | 3 views

aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)

gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:GHSA-HCPJ-QP55-GFPH...

CVSS 9.8 | AI score 7.7 | EPSS 0.05378
Exploits: 1

OSV
added 2022/12/06 5:15 a.m. | 0 views

PYSEC-2022-42992

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

CVSS 9.8 | AI score 7.3 | EPSS 0.05378
Exploits: 1 | References: 8