GitPython is a Python library used to interact with Git repositories.
Please review the CVE identifier referenced below for details.
An attacker may be able to trigger Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
There is no known workaround at this time.
All GitPython users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/GitPython-3.1.30"