Fix CVE-2023-40267 (#14388)

CVE-2023-40267 GitPython: Insecure non-multi options in clone and clone_from is not blocked https://bugzilla.redhat.com/show_bug.cgi?id=2231474 GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. References: gitpython-developers/GitPython@ca965ec gitpython-developers/GitPython#1609
author: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com> 2023-08-28 21:35:32 +0200
committer: GitHub <noreply@github.com> 2023-08-28 21:35:32 +0200
commit: ffa59864eef7cc717de4e9bddf94af1c9a2ab70f (patch)
tree: 5b241a38b424c01f9f3c3520a2f45196c5861729 /requirements/requirements.in
parent: Fix typo in description of scm_update_on_launch (#14382) (diff)
download: awx-ffa59864eef7cc717de4e9bddf94af1c9a2ab70f.tar.xz
awx-ffa59864eef7cc717de4e9bddf94af1c9a2ab70f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/requirements/requirements.in b/requirements/requirements.in
index 4820318629..e31d0f24f4 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -26,7 +26,7 @@ django-split-settings==1.0.0    # We hit a strange issue where the release proce
 djangorestframework
 djangorestframework-yaml
 filelock
-GitPython>=3.1.30  # CVE-2022-24439
+GitPython>=3.1.32  # CVE-2023-40267
 hiredis==2.0.0  # see UPGRADE BLOCKERs
 irc
 jinja2
author	Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>	2023-08-28 21:35:32 +0200
committer	GitHub <noreply@github.com>	2023-08-28 21:35:32 +0200
commit	ffa59864eef7cc717de4e9bddf94af1c9a2ab70f (patch)
tree	5b241a38b424c01f9f3c3520a2f45196c5861729 /requirements/requirements.in
parent	Fix typo in description of scm_update_on_launch (#14382) (diff)
download	awx-ffa59864eef7cc717de4e9bddf94af1c9a2ab70f.tar.xz awx-ffa59864eef7cc717de4e9bddf94af1c9a2ab70f.zip