Wind River Support Network


LIN1021-4909 : Security Advisory - python-git - CVE-2022-24439

Created: Dec 11, 2022    Updated: Dec 13, 2022
Found In Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CREATE(Triage):(User=admin) CVE-2022-24439 (
Live chat