9.8
CVE-2023-40267
- EPSS 0.98%
- Veröffentlicht 11.08.2023 07:15:09
- Zuletzt bearbeitet 03.11.2025 22:16:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gitpython Project ≫ Gitpython SwPlatformpython Version < 3.1.32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.98% | 0.577 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/
https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd
https://github.com/gitpython-developers/GitPython/pull/1609
https://lists.debian.org/debian-lts-announce/2024/10/msg00030.html