All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
{
  "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
  "ubuntu_priority": "medium",
  "binaries": [
    { "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1", "binary_name": "python-git" },
    { "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1", "binary_name": "python-git-doc" },
    { "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1", "binary_name": "python3-git" }
  ]
}
{
  "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
  "ubuntu_priority": "medium",
  "binaries": [
    { "binary_version": "2.1.8-1ubuntu0.1~esm1", "binary_name": "python-git" },
    { "binary_version": "2.1.8-1ubuntu0.1~esm1", "binary_name": "python-git-doc" },
    { "binary_version": "2.1.8-1ubuntu0.1~esm1", "binary_name": "python3-git" }
  ]
}