Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-41040
Summary
GitPython is a Python library used to interact with Git repositories. To resolve some Git references, GitPython reads files from the ".git" directory. In some places the name of the file being read is supplied by the user, and GitPython does not check whether that file is located outside the ".git" directory. This allows an attacker to make GitPython read any file on the system. The vulnerable code joins the base directory with a user-supplied string without checking whether the resulting path lies outside the base directory. This vulnerability cannot be used to read the contents of files, but it could in theory be used to trigger a denial of service in the program. This issue affects versions prior to 3.1.35.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-22 - Path Traversal
Path traversal (or directory traversal) is a vulnerability that allows malicious users to escape the application's intended root directory, gaining access to arbitrary files and folders such as application code and data, back-end credentials, and sensitive operating system files. In the worst case, an attacker could potentially execute arbitrary files on the server, resulting in a denial-of-service attack. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.
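The Summary above describes the vulnerable pattern (joining the ".git" base directory with a user-supplied name and never checking where the result lands), and the CWE-22 text describes the general class. The following is an added example, not GitPython's code or part of the advisory: it places the unsafe join beside a hardened version that resolves the candidate path and requires it to remain under the base directory. The function names and the constructed ".git" layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Added illustration of the pattern described in the advisory; the function
# names and the ".git" layout used here are assumptions, not GitPython's code.


def unsafe_ref_path(git_dir: str, ref_name: str) -> str:
    """The vulnerable pattern: join base dir and user input, no containment check.

    A ref_name such as "../../outside/secret" (or an absolute path, which
    os.path.join simply returns unchanged) can point anywhere on the filesystem.
    """
    return os.path.join(git_dir, ref_name)


def resolved_target(git_dir: str, ref_name: str) -> str:
    """Where the unsafe join actually lands once '..' and symlinks are resolved."""
    return os.path.realpath(unsafe_ref_path(git_dir, ref_name))


def safe_ref_path(git_dir: str, ref_name: str) -> str:
    """Hardened form: resolve the candidate and require it to stay under git_dir.

    realpath() normalises '..' and follows symlinks, so a link inside .git that
    points outside is caught as well. commonpath() is used instead of
    startswith() so that a sibling directory such as '.git-backup' is not
    mistaken for '.git' by a plain string-prefix comparison.
    """
    base = os.path.realpath(git_dir)
    candidate = os.path.realpath(os.path.join(base, ref_name))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"ref {ref_name!r} resolves outside {base}")
    return candidate


def escapes_base(git_dir: str, ref_name: str) -> bool:
    """True if the hardened check would reject ref_name."""
    try:
        safe_ref_path(git_dir, ref_name)
    except ValueError:
        return True
    return False


def demo() -> None:
    """Run both variants against a constructed .git layout in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = os.path.join(tmp, ".git")
        os.makedirs(os.path.join(git_dir, "refs", "heads"))
        Path(git_dir, "refs", "heads", "main").write_text("0123abcd\n")
        Path(tmp, "outside.txt").write_text("not a ref\n")
        try:  # a symlink inside .git that points outside it (skipped where unsupported)
            os.symlink(os.path.join(tmp, "outside.txt"), os.path.join(git_dir, "link"))
        except OSError:
            pass
        for ref in ("refs/heads/main", "../outside.txt", "link", "/nonexistent/abs"):
            print(f"{ref!r:22} unsafe -> {resolved_target(git_dir, ref)}")
            verdict = "REJECTED" if escapes_base(git_dir, ref) else "ok"
            print(f"{'':22} safe   -> {verdict}")


if __name__ == "__main__":
    demo()
```

The check is made on the fully resolved path rather than on the raw string, so both `..` sequences and absolute inputs are handled, and a symlink planted inside the base directory is judged by where it points. It still validates a path, not an open file handle, so it should sit as close to the actual open() as possible.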
References
Advisory Timeline
- Published