| Package | python-git |
|---|---|
| Version | 2.1.1-2+deb9u1 (stretch) |
| Related CVEs | CVE-2022-24439 |
python-git, a Python library to interact with Git repositories, is vulnerable to shell injection due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
For Debian 9 stretch, these problems have been fixed in version 2.1.1-2+deb9u1.
We recommend that you upgrade your python-git packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.