VYPR

rpm package

opensuse/python-GitPython&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-GitPython&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2026-44244HigMay 7, 2026
    affected < 3.1.49-1.1fixed 3.1.49-1.1

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines

  • CVE-2026-44243HigMay 7, 2026
    affected < 3.1.49-1.1fixed 3.1.49-1.1

    GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository

  • CVE-2026-42215HigMay 7, 2026
    affected < 3.1.49-1.1fixed 3.1.49-1.1

    GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass tha

  • CVE-2022-24439Dec 12, 2022
    affected < 3.1.44-1.1fixed 3.1.44-1.1

    All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes ex