ALT-PU-2023-8416-1
Package python3-module-GitPython updated to version 3.1.32-alt1 for branch sisyphus in task 325671.
Closed vulnerabilities
Published: 2023-08-11
BDU:2023-05150
A vulnerability in the clone/clone_from components of GitPython, a Python library for interacting with git repositories, that allows an attacker to execute arbitrary code
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: 2023-08-11
Modified: 2024-11-21
CVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd
- https://github.com/gitpython-developers/GitPython/pull/1609
- FEDORA-2023-26116901d9
- FEDORA-2023-1ec4e542f9