CVE-2023-40267 GitPython: Insecure non-multi options in clone and clone_from is not blocked https://bugzilla.redhat.com/show_bug.cgi?id=2231474

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

References:
gitpython-developers/GitPython@ca965ec gitpython-developers/GitPython#1609
TheRealHaoLiu authored Aug 29, 2023
1 parent 86982de commit 767715c
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion requirements/requirements.in
Expand Up @@ -28,7 +28,7 @@ django-taggit
djangorestframework==3.13.1
djangorestframework-yaml
filelock
GitPython>=3.1.30 # CVE-2022-24439
GitPython>=3.1.32 # CVE-2023-40267
irc
jinja2>=2.11.3 # CVE-2020-28493
JSON-log-formatter
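Review bot: the comment on the new GitPython line drops the reference to CVE-2022-24439, although the raised floor still has to cover it and the commit message describes CVE-2023-40267 as an incomplete fix for that earlier CVE. Consider keeping both identifiers in the comment, e.g. `GitPython>=3.1.32  # CVE-2022-24439, CVE-2023-40267`, so a later reader does not conclude that the older advisory no longer applies to this constraint.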
2 changes: 1 addition & 1 deletion requirements/requirements.txt
Expand Up @@ -143,7 +143,7 @@ future==0.18.3
# via django-radius
gitdb==4.0.2
# via gitpython
gitpython==3.1.30
gitpython==3.1.32
# via -r /awx_devel/requirements/requirements.in
google-auth==1.35.0
# via kubernetes
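Review bot: only the gitpython pin changes in this file, while `gitdb==4.0.2` (listed as "via gitpython") stays as it was in the surrounding context. Please confirm that requirements.txt was regenerated from requirements.in rather than edited by hand, and that the unchanged gitdb pin still satisfies what gitpython 3.1.32 declares as its dependency.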
