DEBIAN-CVE-2022-24439

DEBIAN-CVE-2022-24439 PUBLISHED CVSS 9.8 CRITICAL

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
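
An added example, not part of the original record and not GitPython's own code: one way a caller can validate a user-supplied remote URL before it reaches a clone call that shells out to git. The function names, the scheme allowlist and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: this application only needs to clone over these transports.
ALLOWED_SCHEMES = {"https", "ssh"}


class UnsafeRemoteURL(ValueError):
    """Raised when a user-supplied remote URL or destination fails validation."""


def validate_remote_url(url):
    """Return url unchanged if it passes the allowlist checks, else raise."""
    if not isinstance(url, str) or not url:
        raise UnsafeRemoteURL("empty or non-string URL")
    # A value starting with '-' would be parsed by git as an option.
    if url.startswith("-"):
        raise UnsafeRemoteURL("URL looks like a command-line option")
    # Whitespace and control characters have no place in a remote URL.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise UnsafeRemoteURL("whitespace or control character in URL")
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        raise UnsafeRemoteURL("malformed URL") from exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeRemoteURL(f"transport {parts.scheme!r} is not allowed")
    if not parts.hostname:
        raise UnsafeRemoteURL("URL has no host")
    return url


def build_clone_argv(url, dest):
    """Build an argv list (never a shell string) for git clone."""
    validate_remote_url(url)
    if not dest or dest.startswith("-"):
        raise UnsafeRemoteURL("destination looks like a command-line option")
    # '--' ends option parsing so both values are treated as positionals.
    return ["git", "clone", "--", url, dest]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ("https://example.com/org/repo.git", "--config=value",
               "custom::helper", "file:///srv/repo", "https:///no-host")
    for candidate in samples:
        try:
            print(build_clone_argv(candidate, "checkout"))
        except UnsafeRemoteURL as err:
            print(f"rejected {candidate!r}: {err}")
```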

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor     Product     Versions
Debian:13  python-git  0, 0, 0
Debian:14  python-git  0, 0, 0
Debian:11  python-git  3.1.14-1, 0, 3.1.14-1
Debian:12  python-git  0, 0, 0

Timeline

  • Dec 6, 2022 CVE Published
  • Apr 28, 2026 CVE Updated