[Snyk: Medium] Gitpython (Due 11/5/23)
Closed this issue · 1 comments
cnlucas commented
Introduced through: gitpython@3.1.32
Exploit maturity: Proof of Concept
Detailed paths
Introduced through: project@0.0.0 › gitpython@3.1.32
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: [CVSS 5.3](https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-5876644) - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
GitPython is a Python library used to interact with Git repositories.
Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the final path. Although this vulnerability cannot be used to read the contents of files, it could potentially be used to trigger a denial of service for the program.