{"id":"MGASA-2023-0001","summary":"Updated python-gitpython packages fix security vulnerability","details":"Remote Code Execution (RCE) due to improper user input validation, which\nmakes it possible to inject a maliciously crafted remote URL into the\nclone command. Exploiting this vulnerability is possible because the\nlibrary makes external calls to git without sufficient sanitization of\ninput arguments. This is only relevant when enabling the ext transport\nprotocol (CVE-2022-24439)\n","modified":"2026-04-16T00:12:42.403508215Z","published":"2023-01-13T17:37:09Z","upstream":["CVE-2022-24439"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0001.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31242"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/"}],"affected":[{"package":{"name":"python-gitpython","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-gitpython?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.30-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0001.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}