CVE-2024-22190

Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.41

Description The issue is related to the use of an untrusted search path in GitPython, a Python library for interacting with Git repositories. This could allow an attacker to execute arbitrary code with elevated privileges using a specially crafted binary file. On Windows, the vulnerability occurs when GitPython uses a shell to run git or when it runs bash.exe to interpret hooks, potentially leading to the execution of a malicious git.exe or bash.exe from an untrusted repository.

Recommendations For versions prior to 3.1.41, update to version 3.1.41 to resolve the issue. As a temporary workaround, consider avoiding the use of shells to run git or interpreting hooks with bash.exe on Windows until the update is applied.