diff options
| author | Steve Kowalik <steven@wedontsleep.org> | 2022-12-20 17:05:50 +1100 |
|---|---|---|
| committer | Santos Gallegos <stsewd@proton.me> | 2022-12-23 16:16:21 -0500 |
| commit | 2625ed9fc074091c531c27ffcba7902771130261 (patch) | |
| tree | 0f3589b06f2b63851addf126b245073cad7eacbf /git/cmd.py | |
| parent | 787359d80d80225095567340aa5e7ec01847fa9a (diff) | |
| download | gitpython-2625ed9fc074091c531c27ffcba7902771130261.tar.gz | |
Forbid unsafe protocol URLs in Repo.clone{,_from}()
Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)
Fixes #1515
Diffstat (limited to 'git/cmd.py')
0 files changed, 0 insertions, 0 deletions