CVE-2024-22190

Published: 11/01/2024 Updated: 18/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features is used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
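A defender-side check for the condition described above, as an added example (not code from GitPython or from this advisory): it flags GitPython pins below 3.1.41 in requirements text and lists files named `git.exe` or `bash.exe` inside a checkout before GitPython is pointed at it. The function names, the `name==version` pin format and the choice to scan the whole working tree are assumptions of this example.

```python
import os
import re

FIXED = (3, 1, 41)                      # first patched release, per the advisory
SHADOW_NAMES = {"git.exe", "bash.exe"}  # the two programs the advisory names

def parse_version(text):
    """Leading numeric components, e.g. '3.1.40' -> (3, 1, 40).
    Pre-release suffixes such as 'rc1' are ignored (assumption of this example)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))   # pad '3.2' to (3, 2, 0)

def is_patched(version):
    """True when the version is 3.1.41 or later."""
    return parse_version(version) >= FIXED

def vulnerable_pins(requirements_text):
    """Versions of exact GitPython pins (name==version) below the fixed release."""
    pin = re.compile(r"gitpython\s*==\s*([\w.]+)(?:\s*;.*)?", re.IGNORECASE)
    hits = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        m = pin.fullmatch(line)
        if m and not is_patched(m.group(1)):
            hits.append(m.group(1))
    return hits

def find_shadowing_binaries(repo_root):
    """Relative paths of files named git.exe or bash.exe anywhere in a checkout.
    Names are compared case-insensitively, as Windows file lookups are."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(repo_root):
        for name in filenames:
            if name.lower() in SHADOW_NAMES:
                full = os.path.join(dirpath, name)
                found.append(os.path.relpath(full, repo_root))
    return sorted(found)

if __name__ == "__main__":
    # Constructed sample input, not taken from any real project.
    sample = "GitPython==3.1.40\nrequests==2.31.0\n"
    print("vulnerable pins:", vulnerable_pins(sample))
    print("suspicious files in cwd:", find_shadowing_binaries("."))
```

A non-empty result from `find_shadowing_binaries` on a repository obtained from an untrusted source is a reason to inspect it before running GitPython against it on Windows, and any pin reported by `vulnerable_pins` should be raised to 3.1.41 or later.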

Vulnerable Product

gitpython project gitpython

Github Repositories

Personal use library to "manage" my poetry-based package maintenance tasks.

Manage: Introduction. In learning how to perform releases to PyPI, I became somewhat "disenchanted" by all the various manual steps and required In the spirit of GTD, a Makefile (or personal favorite Justfile) was a good starting point. However, even these left something to be desired, which led me to Thomas Feldman's managepy environment. I wanted to combine the