291 matches found

BDU FSTEC
added 2023/09/05 12:0 a.m., 3 views

The vulnerability of the Python library for interacting with git repositories, GitPython, allows a hacker to execute arbitrary commands.

The vulnerability of the Python library for interacting with git repositories, GitPython, is related to the use of an unreliable search path. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 7.8, AI score 7.5, EPSS 0.00465
Exploits 1, References 3, Affected Software 1

BDU FSTEC
added 2023/09/05 12:0 a.m., 3 views

The vulnerability of the clone/clone_from components in the Python library for interacting with Git repositories in GitPython allows a malicious actor to execute arbitrary code.

The vulnerability of the clone/clone_from components in the Python library for interacting with Git repositories in GitPython is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted URL address...

CVSS 10, AI score 8.2, EPSS 0.00984
Exploits 0, References 9, Affected Software 6

Veracode
added 2023/09/01 9:16 a.m., 22 views

Path Traversal

gitpython is vulnerable to Path Traversal. The vulnerability exists in the _get_ref_info_helper function of symbolic.py because it does not properly validate the local file path, which allows an attacker to access files outside the expected directory...

CVSS 6.5, AI score 6.5, EPSS 0.01012
Exploits 1, References 10, Affected Software 2

Veracode
added 2023/09/01 8:49 a.m., 25 views

Arbitrary Code Execution

gitpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly validate the git executable. If a malicious repository packages a git executable, the library will default to using that executable when importing gitpython on Windows. If an attacker tricks ...

CVSS 7.8, AI score 7.8, EPSS 0.00465
Exploits 1, References 2, Affected Software 1

SUSE CVE
added 2023/09/01 2:7 a.m., 1 views

SUSE CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 4, AI score 9, EPSS 0.01012
Exploits 1, References 5

OpenVAS
added 2023/09/01 12:0 a.m., 28 views

Ubuntu: Security Advisory (USN-6326-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 9.6, EPSS 0.00984
Exploits 0, References 2

Ubuntu
added 2023/08/31 6:10 p.m., 53 views

USN-6326-1: GitPython vulnerability

It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8, AI score 8.2, EPSS 0.00984
Exploits 0

OSV
added 2023/08/31 6:10 p.m., 5 views

USN-6326-1 python-git vulnerability

It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8, AI score 7.3, EPSS 0.00984
Exploits 0, References 2

Tenable Nessus
added 2023/08/31 12:0 a.m., 32 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : GitPython vulnerability (USN-6326-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6326-1 advisory. It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker cou...

CVSS 9.8, AI score 8.5, EPSS 0.00984
Exploits 0, References 2

NVD
added 2023/08/30 10:15 p.m., 15 views

CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 5.3, EPSS 0.01012
Exploits 1, References 9

OSV
added 2023/08/30 10:15 p.m., 1 views

DEBIAN-CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 6.1, EPSS 0.01012
Exploits 1, References 1

vulnersOsv
added 2023/08/30 10:15 p.m., 1 views

agixt (>=1.2.3 <=1.3.138), aicrowd-cli (>=0.1.8 <=0.1.15) +543 more potentially affected by CVE-2023-41040 via gitpython (>=0.3.4 <=3.1.34)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-41040 Source advisory: OSV:PYSEC-2023-165...

CVSS 6.5, AI score 6.3, EPSS 0.01012
Exploits 1

PyPA
added 2023/08/30 10:15 p.m., 6 views

PYSEC-2023-165

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 7.3, EPSS 0.01012
Exploits 1, References 3, Affected Software 1

UbuntuCve
added 2023/08/30 10:15 p.m., 114 views

CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 6.6, EPSS 0.01012
Exploits 1, References 3

Prion
added 2023/08/30 10:15 p.m., 18 views

Directory traversal

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.4, AI score 6.2, EPSS 0.01012
Exploits 1, References 3, Affected Software 1

OSV
added 2023/08/30 10:15 p.m., 1 views

PYSEC-2023-165

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 6.6, EPSS 0.01012
Exploits 1, References 2

OSV
added 2023/08/30 10:15 p.m., 1 views

UBUNTU-CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5, AI score 6.5, EPSS 0.01012
Exploits 1, References 5

CVE
added 2023/08/30 9:7 p.m., 163 views

CVE-2023-41040

CVE-2023-41040 affects the Python Git library GitPython. In some code paths, a user-supplied file name is joined with the repository’s base directory without ensuring the final path stays inside the repo’s .git area, enabling a potential blind local file access scenario. Official descriptions not...

CVSS 6.5, AI score 5.3, EPSS 0.01012
Exploits 1, References 9, Affected Software 1

Cvelist
added 2023/08/30 9:7 p.m., 26 views

CVE-2023-41040 GitPython blind local file inclusion

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 4, AI score 6.4, EPSS 0.01012
Exploits 1, References 8

Vulnrichment
added 2023/08/30 9:7 p.m., 26 views

CVE-2023-41040 GitPython blind local file inclusion

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 4, AI score 6.6, EPSS 0.01012
Exploits 1, References 8