gitpython@0.3.0-beta1 vulnerabilities
GitPython is a Python library used to interact with Git repositories
-
latest version
3.1.43
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
8 months ago
-
licenses detected
- [0.1.7,3.1.41)
Direct Vulnerabilities
Known vulnerabilities in the gitpython package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Untrusted Search Path via the use of an untrusted search path on Windows. An attacker can execute arbitrary code by placing a malicious Notes:
How to fix Untrusted Search Path? Upgrade |
[,3.1.41)
|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the final path. Although this vulnerability cannot be used to read the contents of files, it could potentially be used to trigger a denial of service for the program. How to fix Directory Traversal? Upgrade |
[,3.1.35)
|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Untrusted Search Path allowing an attacker to run any arbitrary commands through a downloaded repository with a malicious git executable. Note: This vulnerability affects only Windows systems. How to fix Untrusted Search Path? Upgrade |
[,3.1.33)
|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to an improper fix for CVE-2022-24439, which allows insecure non-multi options in How to fix Remote Code Execution (RCE)? Upgrade |
[,3.1.32)
|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to How to fix Remote Code Execution (RCE)? Upgrade |
[0,3.1.30)
|
GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when a user controls the input passed to the pattern matching function. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,3.1.27)
|