10 matches found
GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path
Summary: Dulwich's ProcessMergeDriver substitutes the file path from the git tree (controllable by an attacker via a malicious branch) into the merge driver command via the %P placeholder and executes it with subprocess.run(..., shell=True). An attacker who can cause a victim to merge an untrusted...
EUVD-2015-0019
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in th...
GHSA-4J5J-58J7-6C3W Dulwich Arbitrary code execution via commit with directory path starting with .git
The build_index_from_tree function in index.py in Dulwich versions 0.9.9 and below allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...
Dulwich Arbitrary Command Execution Vulnerability
Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A security vulnerability exists in versions of Dulwich prior to 0.18.5. The vulnerability can be exploited by a remote attacker to execute arbitra...
PYSEC-2017-12
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-16228
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
Dulwich 'build_index_from_tree' function arbitrary command execution vulnerability
Dulwich is a Python implementation of the file format and protocols of the Git version control system developed by software developer Jelmer Vernooij. A security vulnerability exists in the 'build_index_from_tree' function in the index.py file in versions of Dulwich prior to 0.9.9. A remote attacker...
CVE-2015-0838
Buffer overflow in the C implementation of the apply_delta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...
CVE-2014-9706
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...