279 matches found
OPENSUSE-SU-2026:10758-1 python311-GitPython-3.1.49-1.1 on GA media
These are all security issues fixed in the python311-GitPython-3.1.49-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
SUSE CVE-2026-42284
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...
SUSE CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory...
SUSE CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
Summary The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...
Command Injection
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the setvalue function when the section parameter is not properly validated for newline characters. An attacker can execute arbitrary code by...
ac-solver (=0.1.0), acedeploy (>=2.4.15 <=2.4.338) +761 more potentially affected by CVE-2026-42215 via gitpython (>=3.0.0 <=3.1.49)
gitpython PYPI version =3.0.0, =2.4.15, =2025.10.17, =0.4.0, =0.4.0, =0.0.5, =1.2.3, =0.4.7, =0.4.7, =0.2.0, =1.0.3, =0.1.8, =0.87.2.dev9, =0.5.0, =0.86.1 and more Source cves: CVE-2026-42215 Source advisory: SNYK:PYTHON-GITPYTHON-16624542...
GHSA-MV93-W799-CJ2W GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath
Summary The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...
Linux Distros Unpatched Vulnerability : CVE-2026-44244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser...
Linux Distros Unpatched Vulnerability : CVE-2026-44243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
DEBIAN-CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
DEBIAN-CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...
CVE-2026-42284
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...
UBUNTU-CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
UBUNTU-CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...