Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: python312Packages.gitpython

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-44243
updated 1 day, 3 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 10 hours ago
  • @LeSuisse ignored reference https://g… 2 days, 2 hours ago
  • @LeSuisse accepted 2 days, 2 hours ago
  • @LeSuisse published on GitHub 1 day, 3 hours ago
GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

Affected products

GitPython
  • ==< 3.1.48

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-42215
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 days, 2 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 10 hours ago
  • @LeSuisse ignored reference https://g… 2 days, 2 hours ago
  • @LeSuisse accepted 2 days, 2 hours ago
  • @LeSuisse published on GitHub 2 days, 2 hours ago
GitPython: Command injection via Git options bypass

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47.

Affected products

GitPython
  • ==>= 3.1.30, < 3.1.47

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-42284
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 days, 2 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 10 hours ago
  • @LeSuisse ignored reference https://g… 2 days, 2 hours ago
  • @LeSuisse accepted 2 days, 2 hours ago
  • @LeSuisse published on GitHub 2 days, 2 hours ago
GitPython: Unsafe option check validates multi_options before shlex.split transforms it

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.

Affected products

GitPython
  • ==< 3.1.47

Matching in nixpkgs

Package maintainers

Permalink CVE-2026-44244
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 2 days, 2 hours ago by @LeSuisse Activity log
  • Created suggestion 2 days, 10 hours ago
  • @LeSuisse ignored reference https://g… 2 days, 2 hours ago
  • @LeSuisse accepted 2 days, 2 hours ago
  • @LeSuisse published on GitHub 2 days, 2 hours ago
GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

Affected products

GitPython
  • ==< 3.1.49

Matching in nixpkgs

Package maintainers