PYSEC-2023-137 — Vulnetix

PYSEC-2023-137 PUBLISHED

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Affected Products

Vendor	Product	Versions
PyPI	gitpython	0, 0, 0.1.7

Timeline

Aug 11, 2023 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/gitpython-developers/GitPython/pull/1609 fix
https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd fix

Open in Interactive Console →