CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

CVE-2026-42215

GitPython CVE-2026-42215: A vulnerability in GitPython allows arbitrary command execution when attacker-controlled kwargs are passed to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() via the Python kwargs upload_pack/receive_pack. The default unsafe-options guard (allow_unsafe...

GitPython has Command Injection via Git options bypass

Summary GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an application passes attacker-controlled kwargs into Repo.clonefrom, Remote.fetch, Remote.pull, or Remote.push, th...

GitPython: Insecure non-multi options in clone and clone_from is not blocked

An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution...

The vulnerability of the clone/clone_from components in the Python library for interacting with Git repositories in GitPython allows a malicious actor to execute arbitrary code.

The vulnerability of the clone/clonefrom components in the Python library for interacting with Git repositories in GitPython is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted URL address...

GHSA-PR76-5CM5-W9CJ GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom, making it vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerabili...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

DEBIAN-CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

PYSEC-2023-137

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

GitPython Security Vulnerabilities

GitPython is a Python library for interacting with Git repositories open-sourced by gitpython-developers. A security vulnerability exists in GitPython versions prior to 3.1.32 that stems from not blocking the unsafe non-multi option in clone and clonefrom...

CVE-2023-40267

GitPython before 3.1.32 does not block insecure non-multi options in clone and clonefrom. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439...

Remote Code Execution (RCE)

GitPython is vulnerable to Remote Code Execution RCE. The vulnerability exists because the clonefrom function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...

Double-free in id-map

The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone call pancics, then the afformentioned dropped elements can be freed again. getorinsert getorinsert reserves space for a value, before calling the user provided...

GHSA-8GMX-CPCG-F8H5 Double-free in id-map

The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone call pancics, then the afformentioned dropped elements can be freed again. getorinsert getorinsert reserves space for a value, before calling the user provided...

CVE-2021-30455

An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clonefrom upon a .clone panic...

RUSTSEC-2021-0052 Multiple functions can cause double-frees

The following functions in the crate are affected: IdMap::clonefrom The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone call pancics, then the afformentioned dropped elements can be freed again. getorinsert...

Multiple functions can cause double-frees

The following functions in the crate are affected: IdMap::clonefrom The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone call pancics, then the afformentioned dropped elements can be freed again. getorinsert...