Sam Wheating

**Name of the Vulnerable Software and Affected Versions** simple-git versions prior to 3.15.0 **Description** The issue allows for Remote Code Execution (RCE) when the `ext` transport protocol is enabled, making it exploitable via the `clone()` method. This is due to an incomplete fix of a previous issue. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue. As a temporary workaround, consider disabling the `ext` transport protocol to minimize the risk of exploitation. Restrict access to the `clone()` method until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** gitpython versions (affected versions not specified) **Description** The issue is related to improper user input validation in the gitpython library, which allows for Remote Code Execution (RCE) due to insufficient sanitization of input arguments when making external calls to git. This enables an attacker to inject a maliciously crafted remote URL into the clone command. The vulnerability is exploited because of the library's failure to properly clean input arguments before passing them to git. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flask-AppBuilder versions prior to 3.4.4 **Description** The issue concerns a user enumeration vulnerability in Flask-AppBuilder, an application development framework built on top of the Flask web framework. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server when logging in. **Recommendations** For versions prior to 3.4.4, upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.