CVE-2023-41040

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 30, 2023
Updated: Sep 29, 2023
CWE ID 22

Summary

CVE-2023-41040 is a vulnerability affecting GitPython, a Python library for interacting with Git repositories. The issue lies in the way GitPython reads files from the `.git` directory: callers can specify the name of the file to be read, and the library does not verify that the resulting path lies within the `.git` directory. An attacker who controls that name can therefore make GitPython read arbitrary files on the system. The file contents are not returned to the attacker, so this does not enable file content retrieval, but the read could still trigger a denial-of-service condition. The affected code can be found in <https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175>. The issue has not yet been addressed.
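The containment check this class of bug (CWE-22) calls for, shown here as an added illustration rather than GitPython's own code: a caller-supplied ref name is joined to the `.git` directory only after confirming that the resolved path stays inside it. The function names and the sample `.git` path are assumptions.

```python
import os
from pathlib import Path


def resolve_ref_path_unsafe(git_dir: str, ref_name: str) -> str:
    """Naive join, illustrating the CWE-22 pattern: a ref name that is
    absolute, or that climbs with '..', yields a path outside git_dir."""
    return os.path.join(git_dir, ref_name)


def resolve_ref_path_safe(git_dir: str, ref_name: str) -> str:
    """Return the path of the ref file named by ref_name, or raise
    ValueError if that name would resolve to anything outside git_dir."""
    base = Path(git_dir).resolve()
    # Reject absolute names up front: joining them discards the base.
    if os.path.isabs(ref_name):
        raise ValueError(f"absolute ref name rejected: {ref_name!r}")
    # resolve() normalises '..' segments and follows symlinks, so the
    # comparison below is made on the real target, not the textual name.
    candidate = (base / ref_name).resolve()
    try:
        inside = candidate.is_relative_to(base)  # Python 3.9+
    except AttributeError:  # older Pythons: compare the common prefix
        inside = os.path.commonpath([str(base), str(candidate)]) == str(base)
    # The .git directory itself is not a ref file either.
    if not inside or candidate == base:
        raise ValueError(f"ref name escapes .git directory: {ref_name!r}")
    return str(candidate)


def is_ref_name_contained(git_dir: str, ref_name: str) -> bool:
    """Boolean wrapper: True only if the ref name stays inside git_dir."""
    try:
        resolve_ref_path_safe(git_dir, ref_name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample path; the directory does not need to exist.
    for name in ("refs/heads/main", "../../etc/passwd", "/etc/passwd"):
        print(name, "->", is_ref_name_contained("/srv/repo/.git", name))
```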
