Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-40267

Опубликовано: 11 авг. 2023
Источник: redhat
CVSS3: 9.8
EPSS Низкий

Описание

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.

Отчет

In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. Red Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2gitpythonNot affected
Red Hat Ansible Tower 3gitpythonAffected
Red Hat Certification for Red Hat Enterprise Linux 6redhat-certification-backendOut of support scope
Red Hat Certification for Red Hat Enterprise Linux 7redhat-certificationOut of support scope
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certificationAffected
Red Hat Certification for Red Hat Enterprise Linux 9redhat-certificationAffected
Red Hat OpenStack Platform 16.1GitPythonFix deferred
Red Hat OpenStack Platform 16.2GitPythonFix deferred
Red Hat OpenStack Platform 17.0GitPythonFix deferred
Red Hat OpenStack Platform 17.1GitPythonAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2231474GitPython: Insecure non-multi options in clone and clone_from is not blocked

EPSS

Процентиль: 51%
0.00276
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-40267

CVSS3: 9.8
ubuntu
почти 2 года назад

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

nvd логотип

CVE-2023-40267

CVSS3: 9.8
nvd
почти 2 года назад

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

debian логотип

CVE-2023-40267

CVSS3: 9.8
debian
почти 2 года назад

GitPython before 3.1.32 does not block insecure non-multi options in c ...

github логотип

GHSA-pr76-5cm5-w9cj

CVSS3: 9.8
github
почти 2 года назад

GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

fstec логотип

BDU:2023-05150

CVSS3: 9.8
fstec
почти 2 года назад

Уязвимость компонентов clone/clone_from библиотеки Python для взаимодействия с git-репозиториями GitPython, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%
0.00276
Низкий

9.8 Critical

CVSS3

Уязвимость CVE-2023-40267