DEBIAN-CVE-2022-24439
PUBLISHED
CVSS 9.8 CRITICAL
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | python-git | 0, 0, 0 |
| Debian:14 | python-git | 0, 0, 0 |
| Debian:11 | python-git | 3.1.14-1, 0, 3.1.14-1 |
| Debian:12 | python-git | 0, 0, 0 |
Exploit Intelligence
- muhammadhendro/CVE-2022-24439 (github-poc-repo)
- Method I used for my Practical Pentest Module. (github-poc-repo)
- Method I used for my Practical Pentest Module. (github-poc)
- muhammadhendro/CVE-2022-24439 (github-poc)
Timeline
- Dec 6, 2022 CVE Published
- Apr 28, 2026 CVE Updated