exploitDog

CVE-2022-24439

Published: 06 Dec 2022
Source: debian

Description

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-git | fixed | 3.1.30-1 | | package |

Notes

  • https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858

  • https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)

  • https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)

  • Follow-up fix: https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd (3.1.32, pending CVE request with Snyk)

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 3 years ago

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVSS3: 9.8
redhat
almost 3 years ago

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVSS3: 8.1
nvd
almost 3 years ago

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVSS3: 9.8
redos
more than 1 year ago

python3-GitPython vulnerability

CVSS3: 8.1
github
almost 3 years ago

GitPython vulnerable to Remote Code Execution due to improper user input validation