Code injection in nbgitpuller
Description
Arbitrary code execution in Jupyter's nbgitpuller extension due to unsanitized git URL input, patched in version 0.10.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2021-39160 is a vulnerability in nbgitpuller, a Jupyter server extension that synchronizes a git repository one-way to a local path. The extension fails to sanitize user-supplied input when constructing git commands, allowing an attacker to inject additional arguments via a malformed git URL. This affects versions prior to 0.10.2 [1][2]. The fix adds -- separators to git command arguments to prevent argument injection [4].
Exploitation
An attacker can craft a malicious link that, when visited by a victim (e.g., through a phishing attack or by embedding the link in a Jupyter notebook), causes nbgitpuller to execute arbitrary git commands with injected arguments. No authentication is required beyond the victim's existing Jupyter session. The injection occurs because the git URL is passed directly to git ls-remote, git clone, and similar commands without proper sanitization [1][2][4].
Impact
Successful exploitation can lead to arbitrary code execution in the user's environment with the privileges of the Jupyter server process. This may result in unauthorized data access, modification, or complete compromise of the Jupyter instance and associated resources [2].
Mitigation
Users should upgrade to nbgitpuller version 0.10.2, released on 2021-08-25, which includes the fix [1]. No workarounds are available for users who cannot upgrade. The vulnerability was fixed by adding -- separators to git commands to prevent argument injection [4].
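The following Python example is added here to illustrate the mechanics behind the advisory and its fix; it is not nbgitpuller's own code. git, like most getopt-style tools, stops option parsing at the first `--` argument, so everything after it is an operand even if it begins with `-`. The helpers below build the `ls-remote` and `clone` argument lists the way the vulnerable and the patched code do, model how git classifies those arguments, and add a scheme allowlist (`ALLOWED_SCHEMES` is an assumption of this example, not a nbgitpuller setting) as a defence-in-depth check a deployer could apply before any git command is built.

```python
"""Added illustration of the CVE-2021-39160 fix (not nbgitpuller code).

The user-controlled git URL must never sit where git is still parsing
options.  nbgitpuller >= 0.10.2 fixes this by emitting "--" before the URL.
"""
from urllib.parse import urlsplit

# Assumption of this example: schemes a deployment might allow.  nbgitpuller
# itself has no such setting; this is an extra layer, not the upstream fix.
ALLOWED_SCHEMES = {"https", "http", "git", "ssh"}

# git options, among those this example emits, whose value is the NEXT argv
# element rather than part of the same "--opt=value" token.
VALUE_OPTIONS = {"--depth", "--branch"}


def ls_remote_argv_vulnerable(git_url: str) -> list:
    """argv as built before 0.10.2: the URL is still inside option parsing."""
    return ["git", "ls-remote", "--heads", git_url]


def ls_remote_argv_fixed(git_url: str) -> list:
    """argv as built by the fix: '--' ends option parsing before the URL."""
    return ["git", "ls-remote", "--heads", "--", git_url]


def clone_argv_fixed(git_url: str, repo_dir: str, branch: str, depth: int = 0) -> list:
    """Mirror of the initialize_repo fix: options first, then '--', then operands."""
    argv = ["git", "clone"]
    if depth > 0:
        argv.extend(["--depth", str(depth)])
    argv.extend(["--branch", branch])
    argv.extend(["--", git_url, repo_dir])
    return argv


def operands_seen_by_git(argv: list) -> list:
    """Model of getopt-style parsing for the argv shapes above.

    Returns the arguments git would treat as operands (URL, directory, ref).
    Before '--', anything starting with '-' is an option and, for options in
    VALUE_OPTIONS, swallows the following element; after '--', everything is
    an operand.  This is a simplified model, not git's real parser.
    """
    operands = []
    options_open = True
    args = iter(argv[2:])  # skip "git" and the subcommand
    for arg in args:
        if options_open and arg == "--":
            options_open = False
            continue
        if options_open and arg.startswith("-"):
            if arg in VALUE_OPTIONS:
                next(args, None)  # consume the option's value too
            continue
        operands.append(arg)
    return operands


def check_git_url(git_url: str) -> bool:
    """Defence-in-depth allowlist (added here, not part of nbgitpuller).

    Rejects anything that could be read as an option and anything outside
    the allowed URL schemes.  The '--' fix is what actually closes the bug;
    this check only narrows what reaches git in the first place.
    """
    if not git_url or git_url.startswith("-"):
        return False
    parts = urlsplit(git_url)
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


if __name__ == "__main__":
    # Constructed sample: an option-looking string in place of a URL.
    bad = "--injected-option"
    print("vulnerable operands:", operands_seen_by_git(ls_remote_argv_vulnerable(bad)))
    print("fixed operands:     ", operands_seen_by_git(ls_remote_argv_fixed(bad)))
    print("allowlist accepts bad input:", check_git_url(bad))
```

With the vulnerable argv the option-looking string never reaches git as an operand at all (git would interpret it as an option), whereas with the fixed argv it is always an operand and git simply fails to find a repository by that name. The allowlist is independent of the fix and only reduces what is handed to git; it does not replace upgrading to 0.10.2.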
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nbgitpuller (PyPI) | >= 0.9.0, < 0.10.2 | 0.10.2 |
Affected products
- jupyterhub/nbgitpuller, range: >= 0.9.0, < 0.10.2
Patches
- 07690644f29a: Merge pull request from GHSA-mq5p-2mcr-m52j
1 file changed · +4 −4
nbgitpuller/pull.py+4 −4 modified@@ -88,13 +88,13 @@ def branch_exists(self, branch): """ try: heads = subprocess.run( - ["git", "ls-remote", "--heads", self.git_url], + ["git", "ls-remote", "--heads", "--", self.git_url], capture_output=True, text=True, check=True ) tags = subprocess.run( - ["git", "ls-remote", "--tags", self.git_url], + ["git", "ls-remote", "--tags", "--", self.git_url], capture_output=True, text=True, check=True @@ -118,7 +118,7 @@ def resolve_default_branch(self): """ try: head_branch = subprocess.run( - ["git", "ls-remote", "--symref", self.git_url, "HEAD"], + ["git", "ls-remote", "--symref", "--", self.git_url, "HEAD"], capture_output=True, text=True, check=True @@ -154,7 +154,7 @@ def initialize_repo(self): if self.depth and self.depth > 0: clone_args.extend(['--depth', str(self.depth)]) clone_args.extend(['--branch', self.branch_name]) - clone_args.extend([self.git_url, self.repo_dir]) + clone_args.extend(["--", self.git_url, self.repo_dir]) yield from execute_cmd(clone_args) logging.info('Repo {} initialized'.format(self.repo_dir))
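Review bot: In the branch_exists hunk, both ls-remote calls now place `--` immediately before self.git_url, which is what stops git from reading a URL beginning with `-` as an option; since subprocess.run is given an argv list (no shell), this was the only injection surface in these calls, and `--` closes it. Suggest a regression test that passes an option-looking string as git_url and asserts ls-remote fails instead of honouring it, plus a one-line comment above each call explaining why the `--` is there so it is not dropped in a later refactor.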
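Review bot: In the resolve_default_branch hunk, `"HEAD"` remains after the `--`, which is correct: after `--` git treats every remaining argument as an operand, and `HEAD` here is a fixed literal rather than user input. A short comment stating the invariant (any future option must be inserted before the `--`, and self.git_url must stay directly after it) would document this for the next person editing the call.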
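Review bot: In the initialize_repo hunk, `--` is appended after the `--depth` and `--branch` options and before the two operands, which is the right order since git stops option parsing at `--`. Style: the new line uses double quotes (`"--"`) while the neighbouring clone_args lines use single quotes (`'--depth'`, `'--branch'`); pick one. Note also that self.branch_name is passed as the value of `--branch`, so it is consumed as that option's argument and cannot start a new option; a comment next to the `--` stating that assumption would make the reasoning explicit.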
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. github.com/advisories/GHSA-mq5p-2mcr-m52j (GHSA advisory)
2. nvd.nist.gov/vuln/detail/CVE-2021-39160 (NVD advisory)
3. github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md (changelog)
4. github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481 (fix commit)
5. github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j (vendor advisory)
6. github.com/pypa/advisory-database/tree/main/vulns/nbgitpuller/PYSEC-2021-315.yaml (PyPA advisory database)