Wind River Support Network

HomeDefectsLIN1021-4909
Acknowledged

LIN1021-4909 : Security Advisory - python-git - CVE-2022-24439

Created: Dec 11, 2022    Updated: Dec 13, 2022
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CREATE(Triage):(User=admin) CVE-2022-24439 (https://nvd.nist.gov/vuln/detail/CVE-2022-24439)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube