Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitpython project gitpython vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-40267
GitPython prior to 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Gitpython Project Gitpython
9.8
CVSSv3
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes ex...
Gitpython Project Gitpython
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
2 Github repositories
7.8
CVSSv3
CVE-2024-22190
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those feat...
Gitpython Project Gitpython
1 Github repository
7.8
CVSSv3
CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `gi...
Gitpython Project Gitpython
2 Github repositories
6.5
CVSSv3
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is lo...
Gitpython Project Gitpython
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started