Critical severityNVD Advisory· Published Aug 11, 2023· Updated Nov 3, 2025
CVE-2023-40267
CVE-2023-40267
Description
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
GitPythonPyPI | < 3.1.32 | 3.1.32 |
Affected products
2- GitPython/GitPythondescription
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-pr76-5cm5-w9cjghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2023-40267ghsaADVISORY
- github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cddghsaWEB
- github.com/gitpython-developers/GitPython/pull/1609ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/gitpython/PYSEC-2023-137.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2024/10/msg00030.htmlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GHghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5RghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GHghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5RghsaWEB
News mentions
0No linked articles in our index yet.