VDB

SNYK-PYTHON-GITPYTHON-3113858

SNYK-PYTHON-GITPYTHON-3113858 PUBLISHED CVSS 8.100000381469727 HIGH

## Overview [GitPython](https://pypi.org/project/GitPython/) is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to `git` without sufficient sanitization of input arguments. This is only relevant when enabling the `ext` transport protocol. ## PoC ```python from git import Repo r = Repo.init('', bare=True) r.clone_from('ext::sh -c touch% /tmp/pwned', 'tmp', multi_options=["-c protocol.ext.allow=always"]) ``` ## Remediation Upgrade `GitPython` to version 3.1.30 or higher. ## References - [GitHub Commit](https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261) - [GitHub Issue](https://github.com/gitpython-developers/GitPython/issues/1517) - [Vulnerable Code](https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py#L1249)

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

Affected Products

VendorProductVersions
0

Timeline

  • Nov 13, 2022 CVE Updated
  • Dec 5, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›