CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution #1635
Comments
Thanks. This advisory originated in this repository and is thus known: GHSA-wfm5-v35h-vwf4. However, it seems hard to communicate using an advisory, so we can keep this issue open to collect comments.
BTW, there is another vulnerability that was reported, that is also pending a fix: GHSA-cwvm-v4w8-q58c. Looks like a CVE wasn't requested for that one.
I thought for something less critical, it wouldn't be worth a whole CVE entry.
@Byron only maintainers can request CVEs. If this was intentional, I don't mind having no CVE for that advisory 👍, I was suggesting it since it looks like people are more pending on CVEs than plain advisories (or so it seems to me). We could also create a new issue linking to the advisory, so people are more aware of it.
I am happy to follow your advice and requested a CVE. It should increase visibility and with that, the chance for a fix.
The fix was released here: https://pypi.org/project/GitPython/3.1.33/
This appeared in the CVE additional information here GHSA-wfm5-v35h-vwf4.
I found it reported already. I am reporting it here just in case.