This repository was archived by the owner on May 22, 2024. It is now read-only.
[Snyk:High] Upgrade gitpython(due by 01/7/2023) #728
Closed
Description
Introduced through
[email protected]
Exploit maturity
No known exploit
Detailed paths
Introduced through: [email protected] › [email protected]
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: [CVSS 8.1](https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858) - High Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
GitPython is a Python library used to interact with Git repositories.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.