CVE-2024-22190

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 11, 2024
Updated: Jan 18, 2024
CWE ID 426

Summary

CVE-2024-22190 is a vulnerability in GitPython, a python library used for interacting with Git repositories. The vulnerability stems from an incomplete fix for CVE-2023-40590 and affects Windows users. When GitPython uses a shell to run git or runs bash.exe to interpret hooks, it employs an untrusted search path. This means that if either of these features are used on Windows, a malicious git.exe or bash.exe could be executed from an untrusted repository. The issue has been addressed in version 3.1.41 of GitPython. This vulnerability poses a high risk to organizations as it could lead to the execution of malicious code and compromise the integrity and confidentiality of their systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22190 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options