CVE-2022-24439

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Configurations

Configuration 1

cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:*:python:*:*

Configuration 2

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

22 Aug 2023, 19:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/ -

25 Jul 2023, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-06 05:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-24439

Mitre link : CVE-2022-24439

CVE.ORG link : CVE-2022-24439



Products Affected

gitpython_project

  • gitpython

fedoraproject

  • fedora

debian

  • debian_linux

CWE

CWE-20

Improper Input Validation