Skip to content
This repository was archived by the owner on May 22, 2024. It is now read-only.
This repository was archived by the owner on May 22, 2024. It is now read-only.

[Snyk:High] Upgrade gitpython(due by 01/7/2023) #728

Closed
#737
Closed
[Snyk:High] Upgrade gitpython(due by 01/7/2023)#728
#737
Assignees
cnlucas
Labels
Security: generalGeneral security concern or issueSecurity: highRemediate within 30 days
Milestone
 
Sprint 20.3
@cnlucas

Description

@cnlucas
cnlucas
opened on Dec 7, 2022

Introduced through
[email protected]

Exploit maturity
No known exploit

Detailed paths

Introduced through: [email protected][email protected]
Fix: No remediation path available.

Security information
Factors contributing to the scoring:

Snyk: [CVSS 8.1](https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858) - High Severity
NVD: Not available. NVD has not yet published its analysis.

Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview

GitPython is a python library used to interact with Git repositories

Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Metadata

Metadata

Assignees

Labels

Security: generalGeneral security concern or issueSecurity: highRemediate within 30 days

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions