Remote Code Execution (RCE) Vulnerability in gitpython Allows Injection of Malicious Remote URLs

Remote Code Execution (RCE) Vulnerability in gitpython Allows Injection of Malicious Remote URLs

CVE-2022-24439 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Learn more about our External Network Penetration Testing.