Holmie

**Name of the Vulnerable Software and Affected Versions** Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 **Description** A user with permissions to add or modify a GitRepository record can use the REST API to directly set the `current head` field, which is not intended to be user-editable. This action may cause local clones of the repository to check out a commit other than the latest one on the specified `branch`, leading to a misleading state. Additionally, it could render the repository unusable if `current head` is set to a malformed value or a nonexistent commit hash. **Recommendations** Update to version 2.4.33. Update to version 3.1.2. Carefully review and restrict permissions granted to users for creating and modifying GitRepository records.