Acknowledged
Created: Dec 11, 2022
Updated: Dec 13, 2022
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
CREATE(Triage):(User=admin) CVE-2022-24439 (https://nvd.nist.gov/vuln/detail/CVE-2022-24439)