{"vulnerability": "CVE-2022-24439", "sightings": [{"uuid": "fb1f2f8c-0db0-4a67-8a60-d0e7ecd99ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24439", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/15363", "content": "\u200aHTB | Editorial\u200a\u2014\u200aSSRF and CVE-2022\u201324439\n\nhttps://infosecwriteups.com/htb-editorial-ssrf-and-cve-2022-24439-c1feb9f343fc?source=rss----7b722bfd1b8d---4", "creation_timestamp": "2024-10-08T03:27:19.000000Z"}, {"uuid": "e48b99a6-d812-4d47-9c9e-e64134c9a44c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24439", "type": "seen", "source": "https://t.me/cibsecurity/68331", "content": "\u203c CVE-2023-40267 \u203c\n\nGitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-11T14:46:53.000000Z"}, {"uuid": "f0458750-c843-4453-807e-fa37271957f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24439", "type": "seen", "source": "https://t.me/cibsecurity/54046", "content": "\u203c CVE-2022-24439 \u203c\n\nAll versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T10:12:31.000000Z"}]}