External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-10 22:19:28 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fix CVE-2023-40267 (#14388)

Browse Source 
CVE-2023-40267 GitPython: Insecure non-multi options in clone and clone_from is not blocked https://bugzilla.redhat.com/show_bug.cgi?id=2231474

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

References:
gitpython-developers/GitPython@ca965ec gitpython-developers/GitPython#1609
This commit is contained in:
Hao Liu
2023-08-28 15:35:32 -04:00
committed by GitHub
parent b209bc67b4
commit ffa59864ee
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
requirements/requirements.in
View File

@@ -26,7 +26,7 @@ django-split-settings==1.0.0 # We hit a strange issue where the release proce
djangorestframework djangorestframework
djangorestframework-yaml djangorestframework-yaml
filelock filelock
GitPython>=3.1.30 # CVE-2022-24439 GitPython>=3.1.32 # CVE-2023-40267
hiredis==2.0.0 # see UPGRADE BLOCKERs hiredis==2.0.0 # see UPGRADE BLOCKERs
irc irc
jinja2 jinja2

2
requirements/requirements.txt
View File

@@ -155,7 +155,7 @@ frozenlist==1.3.3
# aiosignal # aiosignal
gitdb==4.0.10 gitdb==4.0.10
# via gitpython # via gitpython
gitpython==3.1.30 gitpython==3.1.32
# via -r /awx_devel/requirements/requirements.in # via -r /awx_devel/requirements/requirements.in
google-auth==2.14.1 google-auth==2.14.1
# via kubernetes # via kubernetes