CVE-2023-40267
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 11, 2023
Updated: Nov 7, 2023
Summary
CVE-2023-40267 is a newly disclosed vulnerability in GitPython before version 3.1.32. This issue arises due to an incomplete fix for a previous vulnerability, CVE-2022-24439. GitPython's clone and clone_from functions do not block insecure non-multi options, making them susceptible to attacks. Exploitation of this vulnerability could potentially lead to unauthorized access or data theft. Users are advised to update to the latest version of GitPython to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share