Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-24439

Опубликовано: 06 дек. 2022
Источник: debian
EPSS Высокий

Описание

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-gitfixed3.1.30-1package

Примечания

  • https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858

  • https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)

  • https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)

  • Follow-up fix: https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd (3.1.32, pending CVE request with Snyk)

EPSS

Процентиль: 99%
0.7015
Высокий

Связанные уязвимости

ubuntu логотип

CVE-2022-24439

CVSS3: 8.1
ubuntu
около 3 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

redhat логотип

CVE-2022-24439

CVSS3: 9.8
redhat
около 3 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

nvd логотип

CVE-2022-24439

CVSS3: 8.1
nvd
около 3 лет назад

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

github логотип

GHSA-hcpj-qp55-gfph

CVSS3: 8.1
github
около 3 лет назад

GitPython vulnerable to Remote Code Execution due to improper user input validation

fstec логотип

BDU:2024-04480

CVSS3: 9.8
fstec
около 3 лет назад

Уязвимость библиотеки Python для взаимодействия с git-репозиториями gitpython, связанная с неправильной проверкой ввода, позволяющая нарушителю внедрить вредоносный удаленный URL-адрес в команду клонирования

EPSS

Процентиль: 99%
0.7015
Высокий