4 matches found
CVE-2026-42215
GitPython CVE-2026-42215: A vulnerability in GitPython allows arbitrary command execution when attacker-controlled kwargs are passed to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() via the Python kwargs upload_pack/receive_pack. The default unsafe-options guard (allow_unsafe...
CVE-2026-44244
CVE-2026-44244 (GitPython) : A newline injection in config_writer().set_value() allowed an attacker-controlled core.hooksPath to be injected via an unvalidated value, enabling RCE when Git hooks run (commit, merge, checkout). GitConfigParser.set_value() passes input to configparser without newlin...
CVE-2026-44243
GitPython (Python library for interacting with Git repositories) contains a path-traversal vulnerability in its reference APIs. Before version 3.1.48, attacker-controlled reference names can be used to cause writes, renames, or deletions of files outside the repository’s .git directory due to ins...
CVE-2026-42284
GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...