All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitpython project gitpython |
||
fedoraproject fedora 36 |
||
fedoraproject fedora 37 |
||
fedoraproject fedora 38 |
||
debian debian linux 10.0 |