High severity7.8NVD Advisory· Published Jan 11, 2024· Updated Jun 17, 2026
CVE-2024-22190
CVE-2024-22190
Description
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features are used on Windows, a malicious git.exe or bash.exe may be run from an untrusted repository. This issue has been patched in version 3.1.41.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
GitPythonPyPI | < 3.1.41 | 3.1.41 |
Affected products
4- osv-coords3 versions
< 3.0.34-r1+ 2 more
- (no CPE)range: < 3.0.34-r1
- (no CPE)range: < 3.0.34-r1
- (no CPE)range: < 3.1.41
- Range: < 3.1.41
Patches
Vulnerability mechanics
References
6- github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7fnvdPatchWEB
- github.com/gitpython-developers/GitPython/pull/1792nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-2mqj-m65w-jghxghsaADVISORY
- github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghxnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-22190ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/gitpython/PYSEC-2024-4.yamlghsaWEB
News mentions
0No linked articles in our index yet.