CVE-2026-44243
- EPSS 0.11%
- Published 07.05.2026 18:22:53
- Last modified 07.05.2026 21:12:00
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delet...
CVE-2026-44244
- EPSS 0.02%
- Published 07.05.2026 18:22:39
- Last modified 11.05.2026 17:44:36
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines int...
CVE-2026-42284
- EPSS 0.06%
- Published 07.05.2026 18:19:20
- Last modified 08.05.2026 23:16:36
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooks...
CVE-2026-42215
- EPSS 0.09%
- Published 07.05.2026 18:17:03
- Last modified 11.05.2026 17:45:39
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pa...
CVE-2024-22190
- EPSS 0.35%
- Published 11.01.2024 02:15:48
- Last modified 21.11.2024 08:55:45
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret ...
CVE-2023-41040
- EPSS 0.36%
- Published 30.08.2023 22:15:09
- Last modified 03.11.2025 22:16:26
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't ...
CVE-2023-40590
- EPSS 0.37%
- Published 28.08.2023 18:15:08
- Last modified 21.11.2024 08:19:46
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs G...
CVE-2023-40267
- EPSS 0.35%
- Published 11.08.2023 07:15:09
- Last modified 03.11.2025 22:16:26
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
CVE-2022-24439
- EPSS 68.86%
- Published 06.12.2022 05:15:11
- Last modified 03.11.2025 22:15:57
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possibl...