GitPython: Blind local file inclusion
A path traversal vulnerability was found in GitPython due to an input validation error when reading from the ".git" directory. This issue may allow a remote attacker to prepare a specially crafted ".git" file with directory traversal characters in file names and force the application to read thes...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: Code Execution via Crafted Input
Background: GitPython is a Python library used to interact with Git repositories. Description: Please review the CVE identifier referenced below for details. Impact: An attacker may be able to trigger Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a ...
GLSA-202311-01 : GitPython: Code Execution via Crafted Input
The remote host is affected by the vulnerability described in GLSA-202311-01 (GitPython: Code Execution via Crafted Input). All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted...
CVE-2023-41040
A path traversal vulnerability was found in GitPython due to an input validation error when reading from the ".git" directory. This issue may allow a remote attacker to prepare a specially crafted ".git" file with directory traversal characters in file names and force the application to read thes...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: improper user input validation leads into a RCE
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise...
Debian dla-3589 : python-git - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3589 advisory. Debian LTS Advisory DLA-3589-1 https://www.debian.org/lts/security/...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0271-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0271-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
Security update for python-GitPython (moderate)
openSUSE Security Update: Security update for python-GitPython Announcement ID: openSUSE-SU-2023:0271-1 Rating: moderate References: 1214810 Cross-References: CVE-2023-41040 CVSS scores: CVE-2023-41040 NVD : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-41040 SUSE: 4...
openSUSE 15 Security Update : python-GitPython (openSUSE-SU-2023:0259-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0259-1 advisory. - GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git...
OPENSUSE-SU-2023:0271-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2023-41040: Fixed directory traversal attack vulnerability (boo#1214810)...
OPENSUSE-SU-2023:0259-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues: - CVE-2023-41040: Fixed directory traversal attack vulnerability (boo#1214810)...
Security update for python-GitPython (moderate)
openSUSE Security Update: Security update for python-GitPython Announcement ID: openSUSE-SU-2023:0259-1 Rating: moderate References: 1214810 Cross-References: CVE-2023-41040 CVSS scores: CVE-2023-41040 NVD : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-41040 SUSE: 4...
ROS-20230915-13
A vulnerability in the symbolic.py component of GitPython, a Python library for interacting with Git repositories, is related to a flaw in the directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected...
OESA-2023-1628 python-GitPython security update
GitPython is a python library used to interact with Git repositories. GitPython provides object model read and write access to your git repository. Access repository information conveniently, alter the index directly, handle remotes, or go down to low-level object database access with big-files...
A vulnerability in the symbolic.py component of GitPython, a Python library for interacting with Git repositories, allows a malicious individual to gain unauthorized access to protected information or cause service failures.
The vulnerability in the symbolic.py component of GitPython, a Python library for interacting with Git repositories, is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
GitPython: Insecure non-multi options in clone and clone_from is not blocked
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...