Lucene search
K

4 matches found

OSV
OSV
added 2026/05/18 9:44 a.m.8 views

OPENSUSE-SU-2026:20777-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...

9.8CVSS5.9AI score0.00719EPSS
Exploits4References8
OSV
OSV
added 2026/05/18 9:43 a.m.7 views

SUSE-SU-2026:21813-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...

9.8CVSS7.4AI score0.00719EPSS
Exploits4References9
CVE
CVE
added 2026/05/07 6:19 p.m.23 views

CVE-2026-42284

GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...

9.8CVSS5.7AI score0.00571EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 6:19 p.m.12 views

CVE-2026-42284 GitPython: Unsafe option check validates multi_options before shlex.split transforms it

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

8.1CVSS5.7AI score0.00571EPSS
Exploits1References2
Rows per page
Query Builder