exploitDog

CVE-2022-24439

Published: 06 Dec 2022
Source: ubuntu
Priority: medium
CVSS3: 8.1

Description

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | released | 2.1.8-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 3.0.7-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 3.1.24-1ubuntu0.1~esm1 |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | released | 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | not-affected | 0.3.2~RC1-3ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |

8.1 High

CVSS3

Related vulnerabilities

CVSS3: 9.8
redhat
more than 2 years ago

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVSS3: 8.1
nvd
more than 2 years ago

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVSS3: 8.1
debian
more than 2 years ago

All versions of package gitpython are vulnerable to Remote Code Execut ...

CVSS3: 9.8
redos
about 1 year ago

python3-GitPython vulnerability

CVSS3: 8.1
github
more than 2 years ago

GitPython vulnerable to Remote Code Execution due to improper user input validation
