| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 | ** DISPUTED ** Py through 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 | Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 | Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 | Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. Only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which did not properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to Command Injection because the unsafe-option check can be bypassed with equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
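Four of the GitPython findings above share one root cause: a caller hands untrusted strings (clone options, remote kwargs, config section/option/value, ref names) to an API that validates too late or not at all. The block below is an added example, not GitPython's own code, showing the pre-validation a calling application can apply before `Repo.clone_from(multi_options=...)`, `Remote.fetch(**kwargs)`, `config_writer().set_value()` and `SymbolicReference.create()`. It does not import GitPython, so it runs stand-alone. The allowlist of clone options, the `UnsafeGitInput` exception and the `safe_*` helper names are assumptions made here; the config-name rules follow the git-config documentation and the ref rules are modelled on `git check-ref-format`, both deliberately stricter than git itself. Upgrading to a fixed version remains the actual remediation; these checks are defence in depth.

```python
"""Input guards for untrusted values handed to GitPython (added example, not
GitPython code). Each guard runs before the library call named in the table
above; upgrading remains the real fix, these checks are defence in depth."""
import os
import re
import shlex


class UnsafeGitInput(ValueError):
    """Raised when an input could change which program or hook git runs."""


# Illustrative allowlist for clone multi_options: option -> takes a value?
# Anything unlisted is rejected, which covers --config/-c, --upload-pack/-u,
# git's long-option abbreviations (--conf) and glued short forms (-cX=Y).
ALLOWED_CLONE_OPTIONS = {
    "--depth": True, "--branch": True, "--single-branch": False,
    "--no-tags": False, "--recurse-submodules": False,
}
# Keyword arguments that GitPython turns into the same dangerous flags.
UNSAFE_KWARGS = {"upload_pack", "receive_pack", "config", "exec", "u", "c"}
# Section/option names as git-config documents them; quotes, backslashes and
# control characters in a subsection are refused too (stricter than git).
_SECTION_RE = re.compile(r'[A-Za-z0-9][A-Za-z0-9.-]*( "[^\x00-\x1f"\\]*")?')
_OPTION_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# Modelled on git check-ref-format: control chars, space, these metachars.
_BAD_REF_CHARS = re.compile(r"[\x00-\x20\x7f~^:?*\[\\]")


def safe_multi_options(multi_options):
    """Tokenise as git will see the options, then allowlist every token.

    The advisory's bug was checking the raw list before shlex.split, so one
    element '--branch main --config core.hooksPath=/x' passed as --branch.
    Splitting first makes '--config' a token of its own.
    """
    tokens = shlex.split(" ".join(multi_options))
    out, i = [], 0
    while i < len(tokens):
        name, eq, value = tokens[i].partition("=")
        if name not in ALLOWED_CLONE_OPTIONS:
            raise UnsafeGitInput(f"option not allowlisted: {tokens[i]!r}")
        if ALLOWED_CLONE_OPTIONS[name]:
            if not eq:  # value is the next token
                i += 1
                value = tokens[i] if i < len(tokens) else ""
            if not value or value.startswith("-"):
                raise UnsafeGitInput(f"bad value for {name}: {value!r}")
            out.append(f"{name}={value}")  # one unambiguous spelling
        elif eq:
            raise UnsafeGitInput(f"{name} takes no value")
        else:
            out.append(name)
        i += 1
    return out


def safe_remote_kwargs(**kwargs):
    """Block the kwargs that bypass check_unsafe_options (upload_pack etc.)."""
    bad = UNSAFE_KWARGS & set(kwargs)
    if bad:
        raise UnsafeGitInput(f"kwargs mapped to unsafe git flags: {sorted(bad)}")
    return kwargs


def safe_config_entry(section, option, value):
    """Validate all three set_value() parameters, not only the value: a CR/LF
    in any of them could open a forged [core] section in .git/config."""
    if not _SECTION_RE.fullmatch(section):
        raise UnsafeGitInput(f"bad config section: {section!r}")
    if not _OPTION_RE.fullmatch(option):
        raise UnsafeGitInput(f"bad config option: {option!r}")
    value = str(value)
    if re.search(r"[\r\n\x00]", value):
        raise UnsafeGitInput(f"line break in config value: {value!r}")
    return section, option, value


def safe_ref_path(git_dir, ref_name):
    """Return the on-disk path for ref_name, proven to stay inside git_dir."""
    parts = ref_name.split("/")
    if (_BAD_REF_CHARS.search(ref_name) or "@{" in ref_name or ref_name == "@"
            or any(p == "" or p.startswith(".") or p.endswith(".lock")
                   for p in parts)):
        raise UnsafeGitInput(f"invalid ref name: {ref_name!r}")
    root = os.path.abspath(git_dir)
    path = os.path.abspath(os.path.join(root, *parts))
    # Independent second check on the repository boundary. abspath does not
    # resolve symlinks; use os.path.realpath against a real checkout.
    if os.path.commonpath([root, path]) != root:
        raise UnsafeGitInput(f"ref escapes repository: {ref_name!r}")
    return path


def rejects(fn, *args, **kwargs):
    try:  # True if fn refuses these (constructed) inputs
        fn(*args, **kwargs)
    except UnsafeGitInput:
        return True
    return False


if __name__ == "__main__":
    print(safe_multi_options(["--depth 1", "--branch main"]))
    print(rejects(safe_multi_options, ["--branch main --config core.hooksPath=/x"]))
    print(rejects(safe_config_entry, "core]\n[core", "hooksPath", "/tmp/x"))
    print(rejects(safe_ref_path, "/srv/repo/.git", "../../home/user/.bashrc"))
```

The normalised list that `safe_multi_options` returns is what you pass as `multi_options=` (with `allow_unsafe_options` left at its default `False`), and the tuple from `safe_config_entry` is what you unpack into `set_value()`. An allowlist was chosen over a denylist on purpose: git's option parser accepts unambiguous abbreviations of long options and glued short-option values, so a prefix denylist would have to enumerate every spelling of `--config`, whereas the allowlist only has to name the handful of options the application actually needs.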
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() and are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 |
show Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 |
show Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 |
show Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <=3.1.49 |
show Affected versions of the GitPython package are vulnerable to Remote Code Execution (RCE) due to incomplete input validation in the set_value() method of GitConfigParser. The patch for CVE-2026-42215 validates newline characters only in the value parameter, while the section and option parameters are passed to configparser without any newline sanitisation, allowing injection of arbitrary section headers into .git/config. An attacker who controls the section argument can inject a forged [core] section with a hooksPath directive pointing to an attacker-controlled directory, leading to arbitrary code execution when any git hook is triggered. |
| GitPython | 3.1.30 | <=3.1.48 | Affected versions of the GitPython package are vulnerable to Remote Code Execution via Newline Injection due to GitConfigParser.set_value() passing values to Python's configparser without validating for embedded newline characters. GitPython's _write() method converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a valid section header, allowing an attacker to inject arbitrary Git configuration directives such as core.hooksPath into .git/config. An attacker who can control values passed to config_writer().set_value() can point core.hooksPath to an attacker-controlled directory, causing any subsequent Git operation that invokes hooks (commit, merge, checkout) to execute arbitrary scripts. |
| GitPython | 3.1.30 | <=3.1.47 | Affected versions of the GitPython package are vulnerable to Path Traversal due to insufficient validation of attacker-controlled reference paths before filesystem write, rename, and delete operations. Although SymbolicReference._check_ref_name_valid() rejects traversal sequences, the SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete methods construct filesystem paths from supplied ref names without enforcing the repository boundary. An attacker who can supply a crafted reference name to an application using GitPython can write, overwrite, move, or delete arbitrary files outside the repository's .git directory, resulting in Arbitrary File Write and Arbitrary File Deletion. |
| GitPython | 3.1.30 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | <3.1.41 | GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. It only affects Windows users. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 | GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which did not properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.47 | Affected versions of the GitPython package are vulnerable to Argument Injection due to the unsafe-option check being applied to multi_options before the value is transformed by shlex.split. In _clone() at git/repo/base.py line 1383, multi_options is first joined and passed through shlex.split, but check_unsafe_options at line 1390 validates the original list rather than the post-split tokens, so a single element such as '--branch main --config core.hooksPath=/x' passes the prefix check yet expands at line 1392 into separate --config and core.hooksPath tokens that Git honors during clone. An attacker who can influence multi_options can smuggle dangerous Git options past the validator and apply arbitrary configuration directives, such as core.hooksPath, causing Git to execute attacker-controlled hook scripts during the clone operation and achieve arbitrary command execution. |
| GitPython | 3.1.30 | >=3.1.30,<3.1.47 | Affected versions of the GitPython package are vulnerable to Command Injection due to the unsafe-option allowlist being bypassed by equivalent Python keyword arguments. While GitPython's check_unsafe_options validator blocks dangerous Git CLI flags such as --upload-pack and --receive-pack by default, the corresponding upload_pack and receive_pack Python kwargs are accepted by Repo.clone_from(), Remote.fetch(), Remote.pull(), and Remote.push() and are translated into the same Git invocation without passing through the unsafe-option check defined in git/repo/base.py and git/remote.py. An attacker who can supply attacker-controlled kwargs to these GitPython APIs can therefore specify arbitrary helper-command paths via upload_pack or receive_pack and achieve arbitrary command execution even when allow_unsafe_options is left at its default value of False. |
| GitPython | 3.1.30 | <=3.1.32 | GitPython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
| GitPython | 3.1.30 | <3.1.32 | GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 | GitPython 3.1.41 fixes CVE-2024-22190, an untrusted search path issue on Windows that could allow execution of a malicious git.exe or bash.exe from an untrusted repository. This update completes the incomplete fix for CVE-2023-40590. Only Windows users are affected. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <3.1.35 | Affected versions of GitPython are vulnerable to Path Traversal (CWE-22): reference names containing traversal sequences are used to build filesystem paths without proper validation, which can let an attacker read arbitrary files from the system, leading to information disclosure or denial of service. The initial fix landed in 3.1.35, with further hardening of reference-path handling in later versions. |
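The two injection entries in the table above (the shlex.split ordering issue in _clone() and the upload_pack/receive_pack kwargs that never reach check_unsafe_options) share one root cause: the validator runs on the input before it is transformed into the argv that git actually sees. The following Python is an added example written for this page, not GitPython's own code. It models a flawed clone-argv builder that prefix-checks the unsplit multi_options elements and ignores kwargs, beside a hardened builder that validates the final token list. UNSAFE_OPTIONS, transform_kwargs (a simplified stand-in for GitPython's kwarg-to-flag translation), the example URL and the payloads are all constructed for the example.

```python
import shlex

# Git options that let whoever supplies them run an arbitrary program or
# rewrite repository configuration. Constructed for this example; GitPython
# keeps its own per-command lists of unsafe options.
UNSAFE_OPTIONS = ("--upload-pack", "-u", "--receive-pack", "--config", "-c")


def transform_kwargs(**kwargs):
    """Turn Python keyword arguments into git CLI flags the way a GitPython-style
    wrapper does: upload_pack="/x" -> "--upload-pack=/x", c="k=v" -> "-ck=v".
    Simplified model of that translation (assumption), not GitPython's code."""
    argv = []
    for name, value in kwargs.items():
        flag = name.replace("_", "-")
        if len(flag) == 1:
            argv.append(f"-{flag}{value}")
        else:
            argv.append(f"--{flag}={value}")
    return argv


def is_unsafe_token(token):
    """True if a single, already-split argv token selects an unsafe option,
    whether bare ("--config"), attached ("--config=k=v") or short ("-ck=v")."""
    for opt in UNSAFE_OPTIONS:
        if token == opt or token.startswith(opt + "="):
            return True
        if len(opt) == 2 and token.startswith(opt):  # short flag with glued value
            return True
    return False


def flawed_clone_argv(url, multi_options=(), **kwargs):
    """The pattern the advisories describe: a prefix check over the unsplit
    multi_options elements, and no check at all over the kwargs."""
    for element in multi_options:
        if any(element.startswith(opt) for opt in UNSAFE_OPTIONS):
            raise ValueError(f"unsafe option: {element!r}")
    tokens = shlex.split(" ".join(multi_options))  # the split happens after the check
    return ["git", "clone", *tokens, *transform_kwargs(**kwargs), url, "dest"]


def hardened_clone_argv(url, multi_options=(), **kwargs):
    """Validate the final token list, i.e. after shlex.split and after kwargs
    have been turned into flags, so every token git will see is checked."""
    tokens = [*shlex.split(" ".join(multi_options)), *transform_kwargs(**kwargs)]
    bad = [t for t in tokens if is_unsafe_token(t)]
    if bad:
        raise ValueError(f"unsafe option(s): {bad}")
    return ["git", "clone", *tokens, url, "dest"]


def is_rejected(builder, *args, **kwargs):
    """True if the builder refuses the input with ValueError."""
    try:
        builder(*args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    url = "https://example.invalid/repo.git"  # constructed; nothing is contacted
    smuggled = ["--branch main --config core.hooksPath=/x"]
    print(flawed_clone_argv(url, smuggled))  # --config and core.hooksPath=/x reach git
    print(flawed_clone_argv(url, upload_pack="/tmp/evil"))  # kwarg is never checked
    print(is_rejected(hardened_clone_argv, url, smuggled))  # True
    print(is_rejected(hardened_clone_argv, url, upload_pack="/tmp/evil"))  # True
```

The flawed builder does reject an element that begins with an unsafe flag, which is why the check looks adequate in a unit test; it only fails once the unsafe flag is not the first word of the element, or arrives through a kwarg. The hardened builder makes the point of the fix explicit: whatever the input shape, validate the tokens that end up on git's command line.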
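The GitConfigParser.set_value() newline-injection entries in the table describe a writer that turns an embedded newline into an indented continuation line and a reader (git) that ignores leading whitespace, so the continuation line becomes a section header. This added Python example (not GitPython's or git's code) reproduces that mismatch with a simplified writer and a minimal git-style reader, and pairs it with a set_value variant that rejects newlines in section, option and value alike. The payload, the field names and the /tmp/evil-hooks path are constructed for the example; the reader is an assumption-level model of git's parsing, not git's parser.

```python
NEWLINE_CHARS = ("\n", "\r")


def serialize_naive(section, option, value):
    """Write one git-config setting the way the advisory describes the vulnerable
    writer behaving: a value containing a newline is emitted as tab-indented
    continuation lines. Simplified stand-in for the real writer, not GitPython code."""
    return f"[{section}]\n\t{option} = " + value.replace("\n", "\n\t") + "\n"


def serialize_checked(section, option, value):
    """Hardened variant: refuse a newline or carriage return in any of the three
    fields, because each one can close the current stanza and open a new
    section header or key."""
    for field_name, field in (("section", section), ("option", option), ("value", value)):
        if any(ch in field for ch in NEWLINE_CHARS):
            raise ValueError(f"newline in config {field_name}: {field!r}")
    return serialize_naive(section, option, value)


def parse_git_style(text):
    """Minimal reader that follows the git config rule that matters here: leading
    whitespace is ignored, so an indented '[section]' still opens a new section
    and indented 'key = value' lines belong to it. Keys and section names are
    case-insensitive in git, so both are lowercased. Simplified; not git's parser."""
    settings = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section is not None and sep:
            settings[(section, key.strip().lower())] = value.strip()
    return settings


def is_rejected(writer, *args):
    """True if the writer refuses the input with ValueError."""
    try:
        writer(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker value: everything after the first newline becomes an
    # indented [core] stanza that a git-style reader treats as a real section.
    payload = "alice\n[core]\nhooksPath = /tmp/evil-hooks"
    text = serialize_naive("user", "name", payload)
    print(text)
    print(parse_git_style(text)[("core", "hookspath")])  # /tmp/evil-hooks
    print(is_rejected(serialize_checked, "user", "name", payload))  # True
```

The check is deliberately applied to section and option as well as value: rejecting newlines in the value alone leaves the other two fields as injection points, which is exactly the gap the follow-up entry (affected <=3.1.49) describes.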
[![Python 3](https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)
[![Updates](https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg)](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)