[Snyk: High] Gitpython (Due 09/30/23) #5878
Labels
Security: general
General security concern or issue
Security: high
Remediate within 30 days
Work: Back-end
Milestone
GitPython - Untrusted Search Path
Introduced through
gitpython@3.1.32
Fixed in
gitpython@3.1.33
Detailed paths and remediation
Security information
Factors contributing to the scoring:
Overview
GitPython is a Python library used to interact with Git repositories.
Affected versions of this package are vulnerable to Untrusted Search Path, allowing an attacker to run arbitrary commands through a downloaded repository with a malicious git executable.
Note: This vulnerability affects only Windows systems.
Completion Criteria
[ ] We have either upgraded and removed the vulnerability, or determined we are not affected
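
A triage helper for the completion criteria above, added here as an example; it is not part of the original issue or of Snyk's report. It assumes every release below the stated fix version 3.1.33 is in range, and the function names and verdict strings are hypothetical.

```python
import re
import sys
from importlib import metadata

FIXED_IN = (3, 1, 33)  # "Fixed in gitpython@3.1.33" per this issue

def parse_version(text):
    """Leading numeric release components, e.g. '3.1.32' -> (3, 1, 32)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def pinned_gitpython(requirements_text):
    """Return the exact 'gitpython==X' pin from requirements-style text, or None."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"(?i)gitpython\s*==\s*([0-9][^\s;]*)", line)
        if m:
            return m.group(1)
    return None

def installed_gitpython():
    """Version of GitPython in the current environment, or None if absent."""
    try:
        return metadata.version("GitPython")
    except metadata.PackageNotFoundError:
        return None

def triage(version, platform=sys.platform):
    """Map a version and platform onto the issue's completion criteria."""
    if version is None:
        return "not-installed"
    v = parse_version(version)
    v = v + (0,) * (len(FIXED_IN) - len(v))  # pad '3.2' to (3, 2, 0)
    if v >= FIXED_IN:
        return "fixed"
    # The issue notes the vulnerability affects only Windows systems.
    # Assumption: sys.platform starting with "win" identifies Windows.
    if not platform.startswith("win"):
        return "below-fix-not-windows"
    return "affected"

if __name__ == "__main__":
    print(triage(installed_gitpython()))
```

Run it in each environment where the back-end is actually deployed, since the verdict depends on the platform of the host it runs on. A "below-fix-not-windows" result still leaves the upgrade to 3.1.33 outstanding.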