Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-24439

Опубликовано: 06 дек. 2022
Источник: debian
EPSS Средний

Описание

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-gitfixed3.1.30-1package

Примечания

  • https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858

  • https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)

  • https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)

  • Follow-up fix: https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd (3.1.32, pending CVE request with Snyk)

EPSS

Процентиль: 99%
0.69549
Средний

Связанные уязвимости

ubuntu логотип

CVE-2022-24439

CVSS3: 8.1
ubuntu
больше 2 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

redhat логотип

CVE-2022-24439

CVSS3: 9.8
redhat
больше 2 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

nvd логотип

CVE-2022-24439

CVSS3: 8.1
nvd
больше 2 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

redos логотип

ROS-20240611-16

CVSS3: 9.8
redos
около 1 года назад

Уязвимость python3-GitPython

github логотип

GHSA-hcpj-qp55-gfph

CVSS3: 8.1
github
больше 2 лет назад

GitPython vulnerable to Remote Code Execution due to improper user input validation

EPSS

Процентиль: 99%
0.69549
Средний