Gitpython-Developers Gitpython vulnerabilities

CVE-2023-41040 [MEDIUM] CWE-22 CVE-2023-41040: GitPython is a python library used to interact with Git repositories. In order to resolve some git r GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython

CVE-2023-40590 [HIGH] CWE-426 CVE-2023-40590: GitPython is a python library used to interact with Git repositories. When resolving a program, Pyt GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in