All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
{ "nvd_published_at": "2022-12-06T05:15:00Z", "cwe_ids": [ "CWE-20", "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-12-06T14:33:52Z" }