| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 | ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.29 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.29 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.29 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.29 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.29 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.29 | <3.1.30 | GitPython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| GitPython | 3.1.29 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| certifi | 2022.9.24 | <2022.12.07 | Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked Google Group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 | Certifi affected versions recognized root certificates from GLOBALTRUST. The Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 | Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 | ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() and are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to argument injection because the unsafe-option check is applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as `'--branch main --config core.hooksPath=/x'` passes the prefix check yet expands at line 1392 into the separate `--config` and `core.hooksPath=/x` tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to command injection because the unsafe-option blocklist is bypassed by equivalent Python keyword arguments. GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, but the corresponding upload_pack and receive_pack Python kwargs accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 | **DISPUTED** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of a malicious git.exe or bash.exe from an untrusted repository. This update addresses the incomplete fix for CVE-2023-40590. Note: it only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to argument injection because the unsafe-option check is applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as `'--branch main --config core.hooksPath=/x'` passes the prefix check yet expands at line 1392 into the separate `--config` and `core.hooksPath=/x` tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.35 | Affected versions of GitPython are vulnerable to path traversal (CWE-22). An attacker who can control reference names can embed path traversal sequences in them, because the reference-path handling did not properly validate user input; this can allow arbitrary files on the system to be read, leading to information disclosure or denial of service. The initial fix was followed by further hardening in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to argument injection because the unsafe-option check is applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as `'--branch main --config core.hooksPath=/x'` passes the prefix check yet expands at line 1392 into the separate `--config` and `core.hooksPath=/x` tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to command injection because the unsafe-option blocklist is bypassed by equivalent Python keyword arguments. GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, but the corresponding upload_pack and receive_pack Python kwargs accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
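The two option-validation gaps described in the GitPython rows above (a multi_options element that is checked before shlex.split expands it, and upload_pack/receive_pack kwargs that never reach the check) can be reproduced offline without running git. The following is an added example, not GitPython's code: it models the affected order of operations next to a hardened one that splits first, validates every resulting token, and refuses the kwargs that map to blocked flags. The prefix list, the kwarg-to-flag mapping and all function names are assumptions modelled on the flags the advisory text names, not copied from GitPython.

```python
"""Model of the option-validation gaps described in the GitPython rows.

Added illustration, not GitPython's code. It re-creates the shape of the
flawed check (validate the raw elements, then shlex.split) beside a
hardened check (shlex.split, then validate every token, and refuse the
kwargs that become the same flags). Nothing here invokes git.
"""
import shlex
from typing import Dict, List, Optional

# Assumed prefixes of git flags that must never come from untrusted input.
# Modelled on the flags the advisory text names, not copied from GitPython.
UNSAFE_OPTION_PREFIXES = ("--upload-pack", "--receive-pack", "--config", "-u", "-c")

# Assumed mapping of Python kwargs to the git flags they are translated into.
# The advisory text says these kwargs bypass the option check when affected.
UNSAFE_KWARGS = {
    "upload_pack": "--upload-pack",
    "receive_pack": "--receive-pack",
    "config": "--config",
}


class UnsafeOptionError(ValueError):
    """Raised when an option or kwarg would hand git a dangerous flag."""


def unsafe_prefix(token: str) -> Optional[str]:
    """Return the blocked prefix a single token starts with, or None."""
    for prefix in UNSAFE_OPTION_PREFIXES:
        if token.startswith(prefix):
            return prefix
    return None


def check_unsafe_options(options: List[str]) -> None:
    """Prefix check over each element, as the advisory describes it."""
    for option in options:
        prefix = unsafe_prefix(option)
        if prefix is not None:
            raise UnsafeOptionError(f"{option!r} starts with blocked flag {prefix}")


def kwargs_to_flags(kwargs: Dict[str, str]) -> List[str]:
    """Turn upload_pack='/x' into '--upload-pack=/x' (git-style long flags)."""
    return [f"--{name.replace('_', '-')}={value}" for name, value in kwargs.items()]


def build_clone_args_flawed(multi_options: List[str],
                            kwargs: Optional[Dict[str, str]] = None) -> List[str]:
    """Affected order of operations: check the raw elements, then split.

    '--branch main --config core.hooksPath=/x' starts with '--branch', so it
    passes; shlex.split then yields the '--config' token git will honour.
    The kwargs are appended without ever being checked.
    """
    check_unsafe_options(multi_options)
    return shlex.split(" ".join(multi_options)) + kwargs_to_flags(kwargs or {})


def build_clone_args_hardened(multi_options: List[str],
                              kwargs: Optional[Dict[str, str]] = None) -> List[str]:
    """Split first, validate every token, and refuse kwargs that map to flags."""
    tokens = shlex.split(" ".join(multi_options))
    check_unsafe_options(tokens)
    kwargs = kwargs or {}
    blocked = sorted(set(kwargs) & set(UNSAFE_KWARGS))
    if blocked:
        flags = [UNSAFE_KWARGS[name] for name in blocked]
        raise UnsafeOptionError(f"kwargs {blocked} map to blocked flags {flags}")
    return tokens + kwargs_to_flags(kwargs)


def smuggled_unsafe_tokens(multi_options: List[str],
                           kwargs: Optional[Dict[str, str]] = None) -> List[str]:
    """Audit helper: the dangerous arguments the flawed path would pass to git.

    Empty means the flawed check already rejected the input, or nothing in it
    is dangerous; non-empty lists exactly what was smuggled past the check.
    """
    try:
        args = build_clone_args_flawed(multi_options, kwargs)
    except UnsafeOptionError:
        return []
    return [token for token in args if unsafe_prefix(token) is not None]


def hardened_rejects(multi_options: List[str],
                     kwargs: Optional[Dict[str, str]] = None) -> bool:
    """True if the hardened builder refuses this input."""
    try:
        build_clone_args_hardened(multi_options, kwargs)
    except UnsafeOptionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs taken from the advisory text's example.
    smuggled = ["--branch main --config core.hooksPath=/x"]
    print("flawed argv     :", build_clone_args_flawed(smuggled))
    print("smuggled tokens :", smuggled_unsafe_tokens(smuggled))
    print("hardened rejects:", hardened_rejects(smuggled))
    print("kwargs bypass   :", smuggled_unsafe_tokens([], {"upload_pack": "/tmp/evil"}))
```

Run as a script it prints the `--config` token and the `--upload-pack=` flag that the modelled flawed path lets through, while the hardened builder raises on both. For code that wraps GitPython the practical points are the same as in the table: validate the post-split tokens rather than the raw list, treat the kwargs as part of the same trust boundary as the CLI options, and upgrade to 3.1.47 or later where possible.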
[![Python 3](https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)
[![Updates](https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)