Vulnerabilities (CVE)

Filtered by vendor Gitpython Project Subscribe

Filtered by product Gitpython

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24439	3 Debian, Fedoraproject, Gitpython Project	3 Debian Linux, Fedora, Gitpython	2024-01-09	N/A	9.8 CRITICAL
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
CVE-2023-40267	1 Gitpython Project	1 Gitpython	2023-08-22	N/A	9.8 CRITICAL
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.