Published: 11/08/2023 Updated: 07/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

GitPython prior to 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitpython project gitpython

Debian Bug report logs - #1043503 python-git: CVE-2023-40267 Package: src:python-git; Maintainer for src:python-git is Debian Python Team <team+python@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 12 Aug 2023 05:36:02 UTC Severity: important Tags: security, upstream Found in v ...

Synopsis Low: Red Hat Ansible Automation Platform 23 Product Security and Bug Fix Update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 23Red Hat Product Sec ...

Synopsis Moderate: Red Hat Ansible Automation Platform 24 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 24Red Hat P ...

NVD-CWE-noinfo https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd https://github.com/gitpython-developers/GitPython/pull/1609 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043503 https://nvd.nist.gov

CVE-2023-40267

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect