MGASA-2023-0001

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2022-24439

Published: 13 Jan 2023, 17:37

Last modified:16 Apr 2026, 04:23

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Jan 2023, 17:37

Published

Vulnerability first disclosed

16 Apr 2026, 04:23

Last Modified

Vulnerability information updated

Description

Updated python-gitpython packages fix security vulnerability Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. This is only relevant when enabling the ext transport protocol (CVE-2022-24439)

Affected Systems

mageia•python-gitpython
< 3.1.30-1.mga8

References (4)

https://advisories.mageia.org/MGASA-2023-0001.html
https://bugs.mageia.org/show_bug.cgi?id=31242
https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/