VYPR
Critical severity · NVD Advisory · Published Aug 11, 2023 · Updated Nov 3, 2025

CVE-2023-40267

Description

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

GitPython before 3.1.32 did not block insecure non-multi options in clone and clone_from, allowing arbitrary command execution via a crafted repository URL.

Vulnerability

Description

CVE-2023-40267 is a security vulnerability in GitPython versions prior to 3.1.32, where the library fails to block insecure non-multi options in the clone and clone_from functions. This issue occurs because GitPython invokes the system-installed git command-line program to perform repository operations, and insufficient sanitization of clone options can allow an attacker to pass arbitrary arguments to git clone [1][2]. The vulnerability represents an incomplete fix for the earlier CVE-2022-24439, meaning the original patch did not fully address the underlying problem [1].

Attack

Vector and Exploitation

An attacker can exploit this vulnerability by supplying a malicious repository URL or clone-options string that includes dangerous non-multi options such as --config or -c, which are normally used to set Git configuration variables. When a victim application calls GitPython's clone or clone_from method with the attacker-controlled input, the library passes these options to git clone without validating them [3]. No authentication is required beyond the ability to supply a repository URL to a GitPython-using application, so the attack can be triggered remotely whenever the application clones user-supplied URLs.

Impact

Successful exploitation allows an attacker to execute arbitrary commands on the system where GitPython is used. By passing options like --config core.gitProxy=malicious_command, the attacker can hijack Git operations to execute arbitrary code, potentially leading to full system compromise, data exfiltration, or lateral movement within an infrastructure [2][4].

Mitigation

The fix for this vulnerability is included in GitPython version 3.1.32, which blocks the use of insecure non-multi options during clone operations [3]. Users should upgrade to version 3.1.32 or later immediately. As a workaround, applications should sanitize user-supplied repository URLs and avoid passing untrusted input to clone or clone_from without validation. The project is in maintenance mode, with only security fixes being actively addressed [1].
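As an added example (not GitPython's own code), the following pre-flight validator mirrors what the 3.1.32 fix does: it screens both the `multi_options` list and the keyword options before anything is handed to `git clone`, and `legacy_is_safe` shows the pre-fix shape that let keyword options through. The unsafe-option names are taken from the fix's test cases; the real `unsafe_git_clone_options` list, the `option_name` normalisation and the argv construction are assumptions of this example.

```python
# Names exercised by the 3.1.32 fix's tests; GitPython's real
# unsafe_git_clone_options list is assumed here and may be longer.
UNSAFE_CLONE_OPTIONS = frozenset({"upload-pack", "u", "config", "c"})


class UnsafeOptionError(ValueError):
    """A clone option that could make git run an attacker-chosen command."""


def option_name(option: str) -> str:
    """Reduce '--config=a=b', '-c', 'upload_pack' to a bare dashed name."""
    return option.lstrip("-").split("=", 1)[0].replace("_", "-")


def check_unsafe_options(options, unsafe=UNSAFE_CLONE_OPTIONS) -> None:
    """Reject any option whose bare name is on the unsafe list."""
    for opt in options:
        if option_name(str(opt)) in unsafe:
            raise UnsafeOptionError(f"refusing unsafe clone option {opt!r}")


def legacy_is_safe(multi_options=None, **kwargs) -> bool:
    """Pre-3.1.32 shape: only multi_options screened, kwargs unchecked."""
    try:
        check_unsafe_options(multi_options or [])
    except UnsafeOptionError:
        return False
    return True


def is_safe(multi_options=None, **kwargs) -> bool:
    """Fixed shape: screen both channels, as the patch does."""
    try:
        check_unsafe_options(multi_options or [])
        check_unsafe_options(kwargs.keys())
    except UnsafeOptionError:
        return False
    return True


def vetted_clone_args(url, path, multi_options=None, **kwargs):
    """git argv after both channels pass; kwargs become '--name value'."""
    if not is_safe(multi_options, **kwargs):
        raise UnsafeOptionError("clone options rejected")
    args = ["git", "clone", *(multi_options or [])]
    for key, value in kwargs.items():
        flag = ("-" if len(key) == 1 else "--") + key.replace("_", "-")
        args += [flag] if value is True else [flag, str(value)]
    return args + [url, path]
```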

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package             Affected versions    Patched versions
GitPython (PyPI)    < 3.1.32             3.1.32

Affected products: 2

Patches: 1
ca965ecc8185

Merge pull request #1609 from Beuc/block-insecure-options-clone-non-multi

https://github.com/gitpython-developers/GitPython · Sebastian Thiel · Jul 10, 2023 · via ghsa
2 files changed · +25 -1
  • git/repo/base.py  +2 -0  modified
    @@ -1203,6 +1203,8 @@ def _clone(
     
             if not allow_unsafe_protocols:
                 Git.check_unsafe_protocols(str(url))
    +        if not allow_unsafe_options:
    +            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
             if not allow_unsafe_options and multi_options:
                 Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
     
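Review bot: the new check at the top of the hunk passes `list(kwargs.keys())`, i.e. bare names such as `config` or `u`, while the existing check one line below passes `multi_options`, which arrive as full flags (the test hunks use `multi_options=[unsafe_option]` versus `**{"config": ...}`); confirm that `Git.check_unsafe_options` matches both spellings against `cls.unsafe_git_clone_options`, and consider folding both calls under a single `if not allow_unsafe_options:` block so the two channels cannot drift apart again, given that the earlier incomplete fix (CVE-2022-24439) came from screening only one of them.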
    
  • test/test_repo.py  +23 -1  modified
    @@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):
                         rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
                     assert not tmp_file.exists()
     
    +            unsafe_options = [
    +                {"upload-pack": f"touch {tmp_file}"},
    +                {"u": f"touch {tmp_file}"},
    +                {"config": "protocol.ext.allow=always"},
    +                {"c": "protocol.ext.allow=always"},
    +            ]
    +            for unsafe_option in unsafe_options:
    +                with self.assertRaises(UnsafeOptionError):
    +                    rw_repo.clone(tmp_dir, **unsafe_option)
    +                assert not tmp_file.exists()
    +
         @with_rw_repo("HEAD")
         def test_clone_unsafe_options_allowed(self, rw_repo):
             with tempfile.TemporaryDirectory() as tdir:
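Review bot: the `assert not tmp_file.exists()` after each `assertRaises` only has teeth for the two `touch` payloads; for the `config` and `c` entries the value `protocol.ext.allow=always` never creates the file, so that assertion passes regardless and only `assertRaises(UnsafeOptionError)` actually guards those two cases. Consider an additional check that the option never reached git for them, for example asserting that no clone was written under `tmp_dir`, so a regression that lets `config`/`c` through would still be caught.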
    @@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):
                         Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
                     assert not tmp_file.exists()
     
    +            unsafe_options = [
    +                {"upload-pack": f"touch {tmp_file}"},
    +                {"u": f"touch {tmp_file}"},
    +                {"config": "protocol.ext.allow=always"},
    +                {"c": "protocol.ext.allow=always"},
    +            ]
    +            for unsafe_option in unsafe_options:
    +                with self.assertRaises(UnsafeOptionError):
    +                    Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
    +                assert not tmp_file.exists()
    +
         @with_rw_repo("HEAD")
         def test_clone_from_unsafe_options_allowed(self, rw_repo):
             with tempfile.TemporaryDirectory() as tdir:
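Review bot: this `unsafe_options` list and loop are a verbatim copy of the block added to `test_clone_unsafe_options` above, differing only in the call (`Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)`); hoist the list to a module-level constant or parametrize over the two entry points, so that a future addition to `unsafe_git_clone_options` is exercised for both `clone` and `clone_from` at once.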
    @@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):
                 os.symlink(tmp_dir / "target", tmp_dir / "symlink")
     
                 with pytest.raises(GitCommandError):
    -                temp_repo.ignored(tmp_dir / "symlink/file.txt")
    \ No newline at end of file
    +                temp_repo.ignored(tmp_dir / "symlink/file.txt")
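Review bot: this hunk only adds the missing trailing newline after `temp_repo.ignored(tmp_dir / "symlink/file.txt")`; it is cosmetic and unrelated to the option check, so it would be better in a separate commit to keep the security fix's diff minimal and easy to backport.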
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 12

News mentions: 0 (no linked articles in the index yet)