CVE-2023-40267

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 11, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-40267 is a newly disclosed vulnerability in GitPython before version 3.1.32. This issue arises due to an incomplete fix for a previous vulnerability, CVE-2022-24439. GitPython's clone and clone_from functions do not block insecure non-multi options, making them susceptible to attacks. Exploitation of this vulnerability could potentially lead to unauthorized access or data theft. Users are advised to update to the latest version of GitPython to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sTMIpb
https://www.cve.org/CVERecord?id=CVE-2023-40267
https://nvd.nist.gov/vuln/detail/CVE-2023-40267

Back to Vulnerability Database

CVE-2023-40267

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations