CVE-2022-24439 in gitpythoninformazioni

Riassunto

di MITRE • 06/12/2022

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

Snyk

Prenotare

24/02/2022

Divulgazione

06/12/2022

Moderazione

accettato

CPE

pronto

EPSS

0.05378

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!