Lucene search
K

12 matches found

SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.8 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7CVSS5.7AI score0.00555EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 9:47 p.m.8 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 9:47 p.m.39 views

CVE-2026-42563

CVE-2026-42563 affects the Python package Dulwich (versions

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 9:47 p.m.26 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS0.00555EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 9:47 p.m.15 views

CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 9:47 p.m.10 views

EUVD-2026-36175

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriv...

7.7CVSS6.1AI score0.00555EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/28 10:29 p.m.14 views

Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.3AI score0.00555EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/28 10:29 p.m.10 views

GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

7.7CVSS6.3AI score0.00555EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/28 10:29 p.m.8 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the ProcessMergeDriver command. An attacker can execute arbitrary commands by crafting malicious file paths that are substituted into the merge driver command and executed with shell privileges when a victim merges...

7.7CVSS6AI score0.00555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44725

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.2.5-1.1 Description Command injection occurs in the ProcessMergeDriver when the file path from the git tree is substituted into the merge driver command via the %P placeholder. This command is then executed using...

7.7CVSS6AI score0.00555EPSS
Exploits0References18
Rows per page
Query Builder