Lucene search
+L
Gitpython ProjectGitpython

4 matches found

CVE
CVE
added 2026/05/07 6:17 p.m.34 views

CVE-2026-42215

GitPython CVE-2026-42215: A vulnerability in GitPython allows arbitrary command execution when attacker-controlled kwargs are passed to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push() via the Python kwargs upload_pack/receive_pack. The default unsafe-options guard (allow_unsafe...

8.8CVSS6AI score0.00719EPSS
CVE
CVE
added 2026/05/07 6:22 p.m.30 views

CVE-2026-44244

CVE-2026-44244 (GitPython) : A newline injection in config_writer().set_value() allowed an attacker-controlled core.hooksPath to be injected via an unvalidated value, enabling RCE when Git hooks run (commit, merge, checkout). GitConfigParser.set_value() passes input to configparser without newlin...

7.8CVSS5.8AI score0.00237EPSS
CVE
CVE
added 2026/05/07 6:22 p.m.29 views

CVE-2026-44243

GitPython (Python library for interacting with Git repositories) contains a path-traversal vulnerability in its reference APIs. Before version 3.1.48, attacker-controlled reference names can be used to cause writes, renames, or deletions of files outside the repository’s .git directory due to ins...

8.8CVSS5.7AI score0.00419EPSS
CVE
CVE
added 2026/05/07 6:19 p.m.25 views

CVE-2026-42284

GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...

9.8CVSS5.7AI score0.00571EPSS