CVE-2023-41040

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-41040
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41040.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41040
Aliases
Related
Published
2023-08-30T22:15:09Z
Modified
2024-10-29T15:50:22.021469Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has been addressed in version 3.1.37.

References

Affected packages

Debian:11 / python-git

Package

Name
python-git
Purl
pkg:deb/debian/python-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.14-1+deb11u1

Affected versions

3.*

3.1.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-git

Package

Name
python-git
Purl
pkg:deb/debian/python-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.30-1+deb12u2

Affected versions

3.*

3.1.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-git

Package

Name
python-git
Purl
pkg:deb/debian/python-git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.36-1

Affected versions

3.*

3.1.30-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gitpython-developers/gitpython

Affected ranges

Type
GIT
Repo
https://github.com/gitpython-developers/gitpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.1.4
0.1.4-pre
0.1.5
0.1.6
0.2.0-beta1
0.3.0-beta1
0.3.0-beta2
0.3.1-beta1
0.3.1-beta2
0.3.2
0.3.2-RC1
0.3.2.1
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7

1.*

1.0.0
1.0.1
1.0.2

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.19
3.1.2
3.1.20
3.1.22
3.1.23
3.1.24
3.1.25
3.1.26
3.1.27
3.1.28
3.1.29
3.1.3
3.1.30
3.1.31
3.1.32
3.1.33
3.1.34
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9

Other

winerr_show