GitPython
cpe:2.3:a:gitpython_project:gitpython:*:*:*:*:python:*:*
- >= 3.1.30, < 3.1.47
A command injection vulnerability has been identified in GitPython versions from 3.1.30 up to, but not including, 3.1.47. The library, which facilitates interaction with Git repositories, normally blocks hazardous Git options such as '--upload-pack' and '--receive-pack' when they are passed as positional command-line arguments. However, the equivalent Python keyword arguments 'upload_pack' and 'receive_pack' are turned into the same flags without being subject to that check, so they bypass the restriction. When an application forwards attacker-controlled keyword arguments to 'Repo.clone_from()', 'Remote.fetch()', 'Remote.pull()', or 'Remote.push()', the result is arbitrary command execution, even with the 'allow_unsafe_options' setting left at its default of False.
Exploitation of this vulnerability allows arbitrary command execution with the privileges of the user running the GitPython process. This could lead to unauthorized access to sensitive information such as SSH keys, API tokens, or other credentials, as well as modification of repositories or build artifacts. In CI/CD environments, this could result in lateral movement or a full compromise of the automation process handling the Git operations.
The vulnerability can be reproduced with a short Python file that imports the 'Repo' class from the 'git' module, sets up two isolated local Git repositories, and calls 'Remote.fetch()' with the 'upload_pack' keyword argument pointing at a script. The positional-option check is bypassed and the script runs as the upload-pack program, so a script that records details of the environment and execution context demonstrates the code execution.
Users should upgrade to GitPython version 3.1.47 or later, where this vulnerability has been patched. Until the upgrade is in place, applications should not forward caller-controlled keyword arguments to these methods, since the library's own check does not cover them in the affected versions.
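One way for an application to protect itself until it can upgrade, as an added example that is not part of this advisory or of GitPython's own code: a wrapper that maps each keyword argument to the git flag it will become and rejects it against the same denylist applied to positional options, then forwards only vetted arguments to 'Remote.fetch()', 'Remote.push()' and 'Repo.clone_from()'. The contents of the denylist, the wrapper names and the placeholder script path are assumptions made for this example.

```python
"""Added hardening example (not GitPython's own code): vet caller-supplied
Git options before forwarding them to GitPython, checking keyword
arguments in their command-line form as well as positional arguments."""

# Flags to refuse per operation. These sets are an assumption for this
# example (they cover the options the advisory names); pin them to the
# GitPython release you ship against.
UNSAFE_OPTIONS = {
    "clone": {"--upload-pack", "-u", "--config", "-c"},
    "fetch": {"--upload-pack"},
    "pull": {"--upload-pack"},
    "push": {"--receive-pack", "--exec"},
}


class UnsafeGitOption(ValueError):
    """Raised when an argument would inject a blocked git flag."""


def kwarg_to_option(name):
    """Map a Python keyword to the git flag it becomes: one-letter names
    turn into short flags, longer names into long flags with underscores
    replaced by dashes (so upload_pack -> --upload-pack)."""
    if len(name) == 1:
        return "-" + name
    return "--" + name.replace("_", "-")


def option_name(arg):
    """Strip an inline value so '--upload-pack=/tmp/x' compares as
    '--upload-pack'."""
    return arg.split("=", 1)[0]


def rejected_options(operation, args=(), kwargs=None):
    """Return every positional or keyword argument that resolves to a
    blocked flag for `operation`; an empty list means the call is clean."""
    blocked = UNSAFE_OPTIONS[operation]
    found = [a for a in args if isinstance(a, str) and option_name(a) in blocked]
    found += [k for k in (kwargs or {}) if kwarg_to_option(k) in blocked]
    return found


def vet_git_options(operation, args=(), kwargs=None):
    """Raise UnsafeGitOption on any blocked flag, otherwise return the
    arguments unchanged so they can be forwarded."""
    bad = rejected_options(operation, args, kwargs)
    if bad:
        raise UnsafeGitOption(f"git {operation}: refusing {bad!r}")
    return tuple(args), dict(kwargs or {})


def safe_fetch(remote, *args, **kwargs):
    """Forward to Remote.fetch() only after vetting; `remote` is a
    git.Remote (or any object exposing a compatible fetch())."""
    args, kwargs = vet_git_options("fetch", args, kwargs)
    return remote.fetch(*args, **kwargs)


def safe_push(remote, *args, **kwargs):
    """Vetted counterpart of Remote.push()."""
    args, kwargs = vet_git_options("push", args, kwargs)
    return remote.push(*args, **kwargs)


def safe_clone_from(url, to_path, **kwargs):
    """Vetted wrapper around Repo.clone_from(); GitPython is imported
    lazily so the vetting logic above is usable without it installed."""
    _, kwargs = vet_git_options("clone", (), kwargs)
    from git import Repo
    return Repo.clone_from(url, to_path, **kwargs)


if __name__ == "__main__":
    # The pattern the advisory describes: the keyword form of a blocked
    # flag. The script path is a placeholder, not a real file.
    try:
        vet_git_options("fetch", (), {"upload_pack": "/tmp/evil.sh"})
    except UnsafeGitOption as exc:
        print("blocked:", exc)
```

A denylist mirrors what the library does and is the smallest change; where the application only ever needs a handful of options (for example 'depth' or 'prune'), an allowlist of accepted keyword names is the stronger design, since it also covers any flag that a future git release makes dangerous.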