| Package | Installed | Affected | Info |
|---|---|---|---|
| gitpython | 3.1.34 | <3.1.41 | GitPython 3.1.41 fixes CVE-2024-22190, an untrusted search path issue on Windows that could allow a malicious git.exe or bash.exe shipped in an untrusted repository to be executed. The update completes the incomplete fix for CVE-2023-40590. Only Windows users are affected. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.34 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection because the unsafe-option check is applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can therefore smuggle dangerous Git options past the validator and apply arbitrary configuration directives such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieving arbitrary command execution. |
| gitpython | 3.1.34 | <3.1.35 | Affected versions of GitPython are vulnerable to Path Traversal (CWE-22): reference names containing path traversal sequences were not validated when reference paths were resolved, so an attacker who controls a reference name can cause arbitrary files on the system to be read, leading to information disclosure or denial of service. 3.1.35 contains the initial fix; subsequent versions hardened it further. |
| gitpython | 3.1.34 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to Command Injection because the unsafe-option allowlist can be bypassed with equivalent Python keyword arguments. GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, but the corresponding upload_pack and receive_pack Python kwargs accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
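The two validator bypasses described in the rows above, reduced to a stand-alone Python model. This is an added example written for this page, not GitPython's own code: the denylist in `UNSAFE_OPTIONS`, the `kwargs_to_flags` translation, the `build_clone_argv` helper and the sample paths are all assumptions chosen to mirror the advisory text. The first function reproduces the vulnerable ordering (checking the caller's raw strings), the second checks the tokens Git actually receives, and the last two run kwargs through the same check so that `upload_pack=` can no longer sidestep it.

```python
"""Stand-alone model of the two unsafe-option bypasses in the rows above.

Written for this page; it is not GitPython's code. The denylist, the
kwarg-to-flag mapping and every helper name are assumptions that mirror
the advisory text, so consult the real library before reusing any of it.
"""
import shlex

# Assumed denylist: the advisory names --upload-pack and --receive-pack as
# blocked by default, and --config is the flag the multi_options smuggle
# relies on. A deployment should take the list from the library itself.
UNSAFE_OPTIONS = ("--upload-pack", "--receive-pack", "--exec", "--config")


def is_unsafe_token(token: str) -> bool:
    """True for '--flag' as its own token or the '--flag=value' spelling."""
    return any(token == flag or token.startswith(flag + "=") for flag in UNSAFE_OPTIONS)


def check_raw_list(multi_options):
    """Vulnerable ordering: validate the elements as the caller supplied them.

    '--branch main --config core.hooksPath=/x' is one element that starts with
    --branch, so a per-element prefix check never sees the embedded --config.
    """
    return [opt for opt in multi_options if is_unsafe_token(opt)]


def check_split_tokens(multi_options):
    """Correct ordering: validate what git will receive, i.e. the tokens
    produced by shlex.split, not the caller's original strings."""
    tokens = shlex.split(" ".join(multi_options))
    return [tok for tok in tokens if is_unsafe_token(tok)]


def kwargs_to_flags(**kwargs):
    """Mirror the kwarg -> '--long-option=value' translation (simplified to
    string values) so kwargs can be put through the same check as flags."""
    return [f"--{name.replace('_', '-')}={value}" for name, value in kwargs.items()]


def check_call(multi_options=(), **kwargs):
    """One validator over everything that reaches the command line:
    the split multi_options plus the kwargs rendered as flags."""
    tokens = shlex.split(" ".join(multi_options)) + kwargs_to_flags(**kwargs)
    return [tok for tok in tokens if is_unsafe_token(tok)]


def build_clone_argv(url, multi_options=(), **kwargs):
    """Assemble a clone argv, refusing it if any unsafe token is present."""
    tokens = shlex.split(" ".join(multi_options)) + kwargs_to_flags(**kwargs)
    unsafe = [tok for tok in tokens if is_unsafe_token(tok)]
    if unsafe:
        raise ValueError(f"refusing unsafe git option(s): {unsafe}")
    return ["git", "clone", *tokens, url]


if __name__ == "__main__":
    smuggled = ["--branch main --config core.hooksPath=/x"]  # constructed input
    print("raw-list check flags:", check_raw_list(smuggled))        # []  -> bypass
    print("post-split check flags:", check_split_tokens(smuggled))  # ['--config']
    print("kwarg check flags:", check_call(upload_pack="/tmp/evil"))  # ['--upload-pack=/tmp/evil']
    print(build_clone_argv("https://example.invalid/repo.git", ["--depth 1"], branch="main"))
```

The fix that matters is upgrading to 3.1.47 and never passing attacker-influenced strings or kwargs to clone, fetch, pull or push; a call-site check like `build_clone_argv` is defence in depth. A denylist is also inherently leaky (both rows above are denylist bypasses), so where the set of legitimate options is known, allowlisting those exact flags is the stronger design.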
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg)](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg
:target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
:alt: Python 3
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]
https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg
[![Updates](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg)](https://pyup.io/repos/github/cookiecutter/cookiecutter-django/)
.. image:: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg
:target: https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
:alt: Updates
<a href="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/"><img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg(Updates)!:https://pyup.io/repos/github/cookiecutter/cookiecutter-django/
{<img src="https://pyup.io/repos/github/cookiecutter/cookiecutter-django/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/cookiecutter/cookiecutter-django/]