rpm package
opensuse/python-GitPython&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-GitPython&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44244 | High | 7.8 | | < 3.1.49-1.1 | 3.1.49-1.1 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines |
| CVE-2026-44243 | High | 7.1 | | < 3.1.49-1.1 | 3.1.49-1.1 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository |
| CVE-2026-42215 | High | 8.8 | | < 3.1.49-1.1 | 3.1.49-1.1 | May 7, 2026 | GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass tha |
| CVE-2022-24439 | — | | | < 3.1.44-1.1 | 3.1.44-1.1 | Dec 12, 2022 | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes ex |