Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Untrusted search path under some conditions on Windows allows arbitrary code execution
Vulnerability Description
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
GitPython 代码问题漏洞
Vulnerability Description
GitPython是gitpython-developers开源的一个用于与 Git 存储库交互的 Python 库。 GitPython 3.1.40及之前版本存在代码问题漏洞,该漏洞源于允许攻击者通过不受信任的搜索路径执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A