107 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-47734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - dulwich - None Ubuntu Linux - Unknown description CVE-2026-47734 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-42305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows CVE-2026-42305 Note that Nessus relies on the presence of the package as reported b...
Linux Distros Unpatched Vulnerability : CVE-2026-42563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich Vulnerable to Command Injection via Merge Driver Path CVE-2026-42563 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2026-47712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - dulwich - None Ubuntu Linux - Unknown description CVE-2026-47712 Note that Nessus relies on the presence of the package as reported by the vendor...
OPENSUSE-SU-2026:10900-1 python311-dulwich-1.2.5-1.1 on GA media
These are all security issues fixed in the python311-dulwich-1.2.5-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-45156
These are all security issues fixed in the python311-dulwich-1.2.5-1.1 package on the GA media of openSUSE Tumbleweed...
Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch, into the merge driver command via the %P placeholder and executes it with subprocess.run(..., shell=True). An attacker who can cause a victim to merge an untrusted...
CVE-2026-42563
dulwich: Command Injection via Merge Driver Path...
GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch, into the merge driver command via the %P placeholder and executes it with subprocess.run(..., shell=True). An attacker who can cause a victim to merge an untrusted...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ProcessMergeDriver command. An attacker can execute arbitrary commands by crafting malicious file paths that are substituted into the merge driver command and executed with shell privileges when a victim merges...
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
GHSA-897W-FCG9-F6XJ Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
CVE-2026-42563
creationtimestamp | type | source
---|---|---
2026-05-28 21:43:22+00:00 | published-proof-of-concept | https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf...
PT-2026-44725
Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.2.5-1.1 Description Command injection occurs in the ProcessMergeDriver when the file path from the git tree is substituted into the merge driver command via the %P placeholder. This command is then executed using...
PT-2026-44724
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path separator...
EUVD-2015-0020
Malware in sbrugna...
EUVD-2017-0027
Malware in sbrugna...
EUVD-2015-0019
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in th...
OPENSUSE-SU-2024:10124-1 python-dulwich-0.12.0-2.3 on GA media
These are all security issues fixed in the python-dulwich-0.12.0-2.3 package on the GA media of openSUSE Tumbleweed...