Описание
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/bionic | released | 2.1.8-1ubuntu0.1~esm2 |
| esm-apps/focal | released | 3.0.7-1ubuntu0.1~esm2 |
| esm-apps/jammy | released | 3.1.24-1ubuntu0.1~esm2 |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | released | 1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2 |
| esm-infra-legacy/trusty | not-affected | 0.3.2~RC1-3ubuntu0.1~esm2 |
| focal | ignored | end of standard support, was needed |
| jammy | needed |
Показывать по
Ссылки на источники
9.8 Critical
CVSS3
Связанные уязвимости
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
GitPython before 3.1.32 does not block insecure non-multi options in c ...
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Уязвимость компонентов clone/clone_from библиотеки Python для взаимодействия с git-репозиториями GitPython, позволяющая нарушителю выполнить произвольный код
9.8 Critical
CVSS3