CVE-2024-22190
- EPSS 0.27%
- Published 11.01.2024 02:15:48
- Last modified 21.11.2024 08:55:45
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret ...
CVE-2023-41040
- EPSS 0.28%
- Published 30.08.2023 22:15:09
- Last modified 21.11.2024 08:20:26
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't ...
CVE-2023-40590
- EPSS 0.39%
- Published 28.08.2023 18:15:08
- Last modified 21.11.2024 08:19:46
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs G...
CVE-2023-40267
- EPSS 0.34%
- Published 11.08.2023 07:15:09
- Last modified 21.11.2024 08:19:05
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
CVE-2022-24439
- EPSS 70.54%
- Published 06.12.2022 05:15:11
- Last modified 21.11.2024 06:50:25
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...