CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

CVE-2023-40590 Untrusted search path on Windows systems leading to arbitrary code execution

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

CVE-2023-40590 Untrusted search path on Windows systems leading to arbitrary code execution

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

CVE-2023-40590

GitPython (CVE-2023-40590) on Windows can execute a malicious git.exe/git in the current repository when GitPython runs git via a shell or when hooks use bash.exe, enabling arbitrary code execution. A patch exists: GitPython 3.1.41 (and advisories note this incomplete fix was addressed). Mitigati...

CVE-2023-40590

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

GitPython 代码问题漏洞

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A code issue vulnerability exists in GitPython 3.1.32 and earlier versions, which stems from the fact that an attacker can trick a user into downloading a repository with a malicious git...

Untrusted Search Path

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

PT-2023-4751 · Gitpython +1 · Gitpython +1

Name of the Vulnerable Software and Affected Versions: GitPython affected versions not specified Description: The issue is related to how Python interacts with Windows systems, specifically when resolving a program. GitPython defaults to use the git command, and if a user runs it from a repositor...

OESA-2023-1529 python-GitPython security update

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inje...

[SECURITY] Fedora 37 Update: GitPython-3.1.32-1.fc37

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

Fedora: Security Advisory for GitPython (FEDORA-2023-26116901d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 37 : GitPython (2023-26116901d9)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-26116901d9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Fedora: Security Advisory for GitPython (FEDORA-2023-1ec4e542f9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-40267

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...

Fedora 38 : GitPython (2023-1ec4e542f9)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ec4e542f9 advisory. New upstream release fixing CVE-2022-24439. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Remote Code Execution (RCE)

GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...

SUSE CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...

agixt (>=1.2.3 <=1.3.89), aicrowd-cli (>=0.1.8 <=0.1.15) +524 more potentially affected by CVE-2023-40267 via gitpython (>=0.3.4 <=3.1.31)

gitpython PYPI version =0.3.4, =1.2.3, =0.1.8, =0.5.0, =1.0.0, =1.0.1, =0.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =2.0.0 and more Source cves: CVE-2023-40267 Source advisory: OSV:GHSA-PR76-5CM5-W9CJ...

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...