10 matches found
Fedora 44 : GitPython (2026-b4653c757d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b4653c757d advisory. Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w. Tenable has extracted the preceding description block directly from the Fedora security advisor...
Fedora 42 : GitPython (2026-585a8768df)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-585a8768df advisory. Update to 3.1.50; fixes CVE-2026-42215 / GHSA-mv93-w799-cj2w. ---- Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, GHSA-7545-fcxq-7j24, and...
python311-GitPython-3.1.49-1.1 on GA media (moderate)
python311-GitPython-3.1.49-1.1 on GA media Announcement ID: openSUSE-SU-2026:10758-1 Rating: moderate Cross-References: CVE-2026-42215 CVE-2026-44243 CVE-2026-44244 CVSS scores: CVE-2026-42215 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-44243 SUSE : 6.5...
ac-solver (=0.1.0), acedeploy (>=2.4.15 <=2.4.342) +765 more potentially affected by CVE-2026-42215 via gitpython (>=3.0.0 <=3.1.49)
gitpython PYPI version =3.0.0, =2.4.15, =2025.10.17, =0.4.0, =0.4.0, =0.0.5, =1.2.3, =0.4.7, =0.4.7, =0.2.0, =1.0.3, =0.1.8, =0.87.2.dev9, =0.5.0, =0.86.1 and more Source cves: CVE-2026-42215 Source advisory: SNYK:PYTHON-GITPYTHON-16624542...
GHSA-MV93-W799-CJ2W GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
Summary: The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...
CVE-2026-42215
creationtimestamp| type| source
---|---|---
2026-05-07 19:53:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbyl7e7ip2z
2026-05-07 23:03:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlcd6jpjjh2h
2026-05-11 20:37:07+00:00| seen|...
CVE-2026-42215
GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
UBUNTU-CVE-2026-42215
GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
CVE-2026-42215
GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
Linux Distros Unpatched Vulnerability : CVE-2026-42215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such ...