Beuc

**Name of the Vulnerable Software and Affected Versions** GitPython versions prior to 3.1.32 **Description** The issue is related to errors in processing input data in the GitPython library, which can allow a remote attacker to execute arbitrary code by injecting a specially crafted URL into the clone command. This is due to improper validation of user input, making it possible to inject a maliciously crafted remote URL into the clone command. The library makes external calls to git without sufficient sanitization of input arguments. **Recommendations** For versions prior to 3.1.32, update to version 3.1.32 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `clone` and `clone from` functions until a patch is available. Avoid using insecure non-multi options in the clone and clone from commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Spotweb version 1.4.9 **Description** The issue is related to SQL injection due to an inadequate protection mechanism. Specifically, the `notAllowedCommands` mechanism is incomplete, allowing variations of malicious payloads to be used. This problem exists because of an incomplete fix for a previous issue. **Recommendations** For Spotweb version 1.4.9, consider disabling the functionality that allows user input to be executed as SQL commands until a proper fix is available. Restrict access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ALT Linux (affected versions not specified) **Description** The issue concerns a package vulnerability in ALT Linux. No specific details about the vulnerability, affected devices, or real-world incidents are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DFArc versions prior to 3.14 DFArc2 versions prior to 3.14 Dink Smallwood HD versions prior to 3.14 **Description** The issue is related to directory traversal in the D-Mod extractor, which can be exploited by an attacker to overwrite arbitrary files on the user's system. **Recommendations** For DFArc versions prior to 3.14, update to version 3.14 or later. For DFArc2 versions prior to 3.14, update to version 3.14 or later. For Dink Smallwood HD versions prior to 3.14, update to version 3.14 or later.