Описание
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-git | fixed | 3.1.36-1 | package | |
| python-git | fixed | 3.1.30-1+deb12u2 | bookworm | package |
Примечания
https://github.com/gitpython-developers/GitPython/pull/1609
https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed (3.1.32)
EPSS
Связанные уязвимости
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Уязвимость компонентов clone/clone_from библиотеки Python для взаимодействия с git-репозиториями GitPython, позволяющая нарушителю выполнить произвольный код
EPSS