CVE-2024-22190
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-22190 is a newly disclosed vulnerability affecting GitPython, a Python library used for interacting with Git repositories. It is an incomplete fix of CVE-2023-40590: a partial fix was implemented, but the issue persists on Windows systems. There, GitPython uses an untrusted search path when executing `git` commands and when running hooks via `bash.exe`. An attacker could exploit this by placing a malicious `git.exe` or `bash.exe` file in an untrusted repository. The vulnerability is fixed in GitPython version 3.1.41.
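A defender-side check for the condition described above, as an added example that is not part of the advisory or of GitPython: it reports whether the installed GitPython is older than 3.1.41 and lists files named git.exe or bash.exe in a checkout. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from importlib import metadata

FIXED = (3, 1, 41)                      # first fixed release, per the advisory
SHADOW_NAMES = {"git.exe", "bash.exe"}  # file names the advisory calls out


def parse_version(text):
    """'3.1.40' -> (3, 1, 40); trailing non-digits in a field are ignored."""
    fields = []
    for piece in (text.split(".") + ["0", "0"])[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        fields.append(int(digits or "0"))
    return tuple(fields)


def is_affected(version_text):
    """True when the version is older than the fixed release."""
    return parse_version(version_text) < FIXED


def installed_gitpython():
    """Version string of the installed GitPython, or None if absent."""
    try:
        return metadata.version("GitPython")
    except metadata.PackageNotFoundError:
        return None


def find_shadow_executables(root):
    """Relative paths of files under root named git.exe or bash.exe."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in SHADOW_NAMES:  # Windows names are case-insensitive
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tree:  # constructed sample checkout
        os.makedirs(os.path.join(tree, "src"))
        for rel in ("Git.EXE", "README.md", os.path.join("src", "bash.exe")):
            open(os.path.join(tree, rel), "w").close()
        print("suspicious files:", find_shadow_executables(tree))
    version = installed_gitpython()
    print("GitPython:", version, "affected:", bool(version) and is_affected(version))
```

Run it against a checkout before any GitPython-based tooling opens the repository; a hit is a reason to inspect the file, not proof of compromise.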