fecgov/fec-eregs

[Snyk: Medium] Gitpython (Due 11/5/23)

Introduced through
gitpython@3.1.32

Exploit maturity
Proof of Concept

Detailed paths

Introduced through: project@0.0.0 › gitpython@3.1.32
Fix: No remediation path available. 

Security information
Factors contributing to the scoring:

Snyk: [CVSS 5.3](https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644) - Medium Severity
NVD: Not available. NVD has not yet published its analysis.

Overview

GitPython is a Python library used to interact with Git repositories.

Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the final path. Although this vulnerability cannot be used to read the contents of files, it could potentially be used to trigger a denial of service for the program.

pkfec commented

gitpython package upgraded to v3.1.35 in PR #796. Closing this issue.