{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-24439","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","dateUpdated":"2025-11-03T21:46:05.215Z","dateReserved":"2022-02-24T00:00:00.000Z","datePublished":"2022-12-12T01:49:10.008Z"},"containers":{"cna":{"title":"Remote Code Execution (RCE)","datePublic":"2022-12-06T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-11-01T13:06:09.960Z"},"descriptions":[{"lang":"en","value":"All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments."}],"affected":[{"vendor":"n/a","product":"GitPython","versions":[{"version":"0","status":"affected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"url":"https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858"},{"url":"https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py%23L1249"},{"name":"FEDORA-2022-8146a727a8","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/"},{"name":"FEDORA-2022-ce7369b9ec","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJHN3QUXPJIMM6SULIR3PR34UFWRAE7X/"},{"name":"[debian-lts-announce] 20230725 [SECURITY] [DLA 3502-1] python-git security \nupdate","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html"},{"name":"FEDORA-2023-1ec4e542f9","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/"},{"name":"FEDORA-2023-26116901d9","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/"},{"name":"GLSA-202311-01","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202311-01"}],"credits":[{"lang":"en","value":"Sam Wheating"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Remote Code Execution (RCE)"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858","tags":["x_transferred"]},{"url":"https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py%23L1249","tags":["x_transferred"]},{"name":"FEDORA-2022-8146a727a8","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/"},{"name":"FEDORA-2022-ce7369b9ec","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJHN3QUXPJIMM6SULIR3PR34UFWRAE7X/"},{"name":"[debian-lts-announce] 20230725 [SECURITY] [DLA 3502-1] python-git security \nupdate","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html"},{"name":"FEDORA-2023-1ec4e542f9","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/"},{"name":"FEDORA-2023-26116901d9","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/"},{"name":"GLSA-202311-01","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202311-01"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:46:05.215Z"}}]}}