Source: python-git X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for python-git. CVE-2022-24439[0]: | All versions of package gitpython are vulnerable to Remote Code | Execution (RCE) due to improper user input validation, which makes it | possible to inject a maliciously crafted remote URL into the clone | command. Exploiting this vulnerability is possible because the library | makes external calls to git without sufficient sanitization of input | arguments. https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 https://github.com/gitpython-developers/GitPython/issues/1515 https://github.com/gitpython-developers/GitPython/pull/1521 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-24439 https://www.cve.org/CVERecord?id=CVE-2022-24439 Please adjust the affected versions in the BTS as needed.