| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| requests | 2.32.5 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| requests | 2.32.5 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| requests | 2.32.5 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| requests | 2.32.5 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| idna | 3.11 | <3.15 |
show Affected versions of the idna package are vulnerable to Denial of Service due to an incomplete fix for CVE-2024-3651 that still allows specially crafted inputs to consume significant resources during encoding. The idna.encode() function invokes the valid_contexto validator on every label before applying length-based rejection, so payloads such as long repetitions of the Arabic-Indic digit U+0660 or sequences of the Katakana middle dot U+30FB followed by a CJK character cause valid_contexto to perform extensive context-rule processing across each character. A remote attacker who can supply domain-name input to an application that calls idna.encode() without first enforcing the 253-character DNS length limit can submit arbitrarily large strings that drive the validator to exhaust CPU time, resulting in Denial of Service through resource consumption. |
| urllib3 | 2.6.3 | >=1.23,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Information Disclosure due to improper handling of sensitive headers during cross-origin redirects in the low-level proxy API. When following cross-origin redirects via ProxyManager.connection_from_url().urlopen() with assert_same_host=False, sensitive headers including Authorization, Cookie, and Proxy-Authorization are not stripped, unlike the high-level API, which removes them via Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT. An attacker controlling a redirect target can capture these sensitive headers from requests that follow cross-origin redirects through the low-level proxy API path. |
| urllib3 | 2.6.3 | >=2.6.0,<2.7.0 |
show Affected versions of the urllib3 package are vulnerable to Denial of Service due to bypassed decompression-bomb safeguards in the streaming API. When using HTTPResponse.read(amt=N) with the official Brotli library, the second call decompresses the entire response instead of only the requested portion, and HTTPResponse.drain_conn() called after partial decompression, likewise decodes the full response in a single operation. An attacker serving a highly compressed response can cause excessive CPU usage and massive memory allocation on the client, leading to resource exhaustion. |
| protobuf | 6.33.0 | >=6.30.0rc1,<=6.33.4 , <5.29.6 |
show Affected versions of the protobuf package are vulnerable to Denial of Service (DoS) due to missing recursion depth accounting that allows the max_recursion_depth limit to be bypassed. The google.protobuf.json_format.ParseDict() parser fails to increment or enforce max_recursion_depth when traversing nested google.protobuf.Any messages in its internal Any-handling logic, allowing attacker-controlled JSON to recurse far deeper than intended. |
| requests | 2.32.5 | <2.33.0 |
show Affected versions of the requests package are vulnerable to Insecure Temporary File reuse due to predictable temporary filename generation in extract_zipped_paths(). The requests.utils.extract_zipped_paths() utility extracts files from zip archives into the system temporary directory using a deterministic path, and if that file already exists, the function reuses it without validating that it is the expected extracted content. |
| gitpython | 3.1.40 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| gitpython | 3.1.40 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| gitpython | 3.1.40 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| gitpython | 3.1.40 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| gitpython | 3.1.40 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| gitpython | 3.1.40 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
https://pyup.io/repos/github/Harmon758/Harmonbot/python-3-shield.svg
[](https://pyup.io/repos/github/Harmon758/Harmonbot/)
.. image:: https://pyup.io/repos/github/Harmon758/Harmonbot/python-3-shield.svg
:target: https://pyup.io/repos/github/Harmon758/Harmonbot/
:alt: Python 3
<a href="https://pyup.io/repos/github/Harmon758/Harmonbot/"><img src="https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/Harmon758/Harmonbot/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/Harmon758/Harmonbot/
{<img src="https://pyup.io/repos/github/Harmon758/Harmonbot/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/Harmon758/Harmonbot/]
https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg
[](https://pyup.io/repos/github/Harmon758/Harmonbot/)
.. image:: https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg
:target: https://pyup.io/repos/github/Harmon758/Harmonbot/
:alt: Updates
<a href="https://pyup.io/repos/github/Harmon758/Harmonbot/"><img src="https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg(Updates)!:https://pyup.io/repos/github/Harmon758/Harmonbot/
{<img src="https://pyup.io/repos/github/Harmon758/Harmonbot/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/Harmon758/Harmonbot/]