Safety vulnerability ID: 52322
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261
Latest version: 3.1.43
GitPython is a Python library used to interact with Git repositories.
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. See CVE-2022-24439.
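The advisory above describes the problem as untrusted input reaching the git command line through the clone URL. Beyond upgrading to 3.1.30 or later, a defensive application can refuse to pass anything but a well-formed, allowlisted remote URL to the library. The following is an added example, not GitPython's own code or the fix commit; the scheme allowlist, the helper names and the sample URLs are assumptions constructed for illustration, and only the 3.1.30 threshold comes from the advisory.

```python
# Pre-clone guard for user-supplied remote URLs (added example, not GitPython code).
# Two checks: (1) is the installed GitPython at or above the fixed release 3.1.30,
# and (2) does the URL match a conservative allowlist before it reaches `git clone`?
import re
from urllib.parse import urlsplit

PATCHED_VERSION = (3, 1, 30)            # first fixed release, per the advisory
ALLOWED_SCHEMES = {"https", "ssh"}      # assumption: what this deployment permits
# scp-like syntax git@host:path (assumed acceptable here)
SCP_LIKE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[^:/\s][^\s]*$")


def parse_version(version: str) -> tuple:
    """Turn '3.1.30' (or '3.1.30rc1') into a comparable integer tuple."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def gitpython_is_patched(version: str) -> bool:
    """True if the given GitPython version string is >= 3.1.30."""
    return parse_version(version) >= PATCHED_VERSION


def is_safe_remote_url(url: str) -> bool:
    """Allowlist check: https/ssh URLs with a host, or scp-like git@host:path.

    Anything starting with '-' is rejected because git would read it as an
    option; embedded whitespace and every other scheme are rejected outright.
    """
    if not url or url != url.strip() or any(c.isspace() for c in url):
        return False
    if url.startswith("-"):
        return False
    if SCP_LIKE.match(url):
        return True
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return bool(parts.netloc and parts.hostname)


def safe_clone(url: str, dest: str, clone_fn=None):
    """Validate `url`, then delegate to clone_fn (default: git.Repo.clone_from)."""
    if not is_safe_remote_url(url):
        raise ValueError(f"refused to clone untrusted remote URL: {url!r}")
    if clone_fn is None:
        from git import Repo  # GitPython; imported lazily so the checks run without it
        clone_fn = Repo.clone_from
    return clone_fn(url, dest)


if __name__ == "__main__":
    # Constructed sample inputs; the fake clone_fn just records the call.
    record = lambda url, dest: ("cloned", url, dest)
    print(safe_clone("https://example.com/org/repo.git", "/tmp/repo", record))
    try:
        safe_clone("file:///tmp/repo", "/tmp/repo", record)
    except ValueError as exc:
        print(exc)
```

The version check is useful in a deployment health check or CI gate; the URL allowlist is the belt-and-braces layer for code paths where the remote comes from a user, a webhook, or a configuration file.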
MISC: https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py#L1249
MISC: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858