CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 21.7%)

GitPython is a Python library used to interact with Git repositories. There
is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an
untrusted search path if it uses a shell to run `git`, as well as when it
runs `bash.exe` to interpret hooks. If either of those features is used on
Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted
repository. This issue has been patched in version 3.1.41.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-git | < any | UNKNOWN |
ubuntu | 20.04 | noarch | python-git | < any | UNKNOWN |
ubuntu | 22.04 | noarch | python-git | < any | UNKNOWN |
ubuntu | 23.10 | noarch | python-git | < any | UNKNOWN |
ubuntu | 24.04 | noarch | python-git | < any | UNKNOWN |
ubuntu | 14.04 | noarch | python-git | < any | UNKNOWN |
ubuntu | 16.04 | noarch | python-git | < any | UNKNOWN |
github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f (3.1.41)
github.com/gitpython-developers/GitPython/pull/1792
github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
launchpad.net/bugs/cve/CVE-2024-22190
nvd.nist.gov/vuln/detail/CVE-2024-22190
security-tracker.debian.org/tracker/CVE-2024-22190
www.cve.org/CVERecord?id=CVE-2024-22190