{"vulnerability": "CVE-2024-22190", "sightings": [{"uuid": "02483063-7de7-4f46-af04-8dd755525e03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22190", "type": "seen", "source": "https://t.me/ctinow/175704", "content": "https://ift.tt/k1fxiJK\nCVE-2024-22190 | GitPython prior 3.1.41 on Windows untrusted search path", "creation_timestamp": "2024-01-30T06:38:10.000000Z"}, {"uuid": "4403f19f-7828-48a0-ab90-a0fb86d4b353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22190", "type": "seen", "source": "https://t.me/arpsyndicate/2920", "content": "#ExploitObserverAlert\n\nCVE-2024-22190\n\nDESCRIPTION: Exploit Observer has 3 entries in 2 file formats related to CVE-2024-22190. GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2024-01-19T10:29:47.000000Z"}, {"uuid": "c9ce6191-d898-40df-8cc5-2cea0cac1c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-22190", "type": "seen", "source": "https://t.me/ctinow/166288", "content": "https://ift.tt/1KnzJkM\nCVE-2024-22190", "creation_timestamp": "2024-01-11T03:21:30.000000Z"}]}