DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-MV93-W799-CJ2W: GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython

#security #cve #cybersecurity #ghsa

GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython

Vulnerability ID: GHSA-MV93-W799-CJ2W
CVSS Score: 7.8
Published: 2026-05-08

GitPython versions prior to 3.1.50 are vulnerable to a newline injection attack in the config_writer() and set_value() methods. An incomplete fix for CVE-2026-44244 failed to sanitize the configuration section parameter, allowing an attacker to inject malicious Git configuration blocks such as [core] and override the hooksPath. This leads to unauthenticated remote code execution when subsequent Git operations trigger the injected hooks.

TL;DR

Newline injection in GitPython's config_writer section parameter allows attackers to override core.hooksPath and achieve Remote Code Execution.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-94, CWE-150
  • Attack Vector: Local (via Application Input)
  • CVSS Base Score: 7.8 (High)
  • Exploit Status: Proof of Concept Available
  • Impact: Remote Code Execution via Git Hooks
  • Patched Version: 3.1.50

Affected Systems

  • GitPython pip package
  • GitPython: < 3.1.50 (Fixed in: 3.1.50)

Mitigation Strategies

  • Upgrade GitPython pip package to version 3.1.50 or later.
  • Implement application-level input validation to sanitize user input passed to GitPython API.
  • Reject or strip newline characters (\n, \r) from configuration section variables.
  • Monitor .git/config files for anomalous structures and unexpected hooksPath entries.

Remediation Steps:

  1. Identify all projects utilizing the GitPython library within the environment.
  2. Update the GitPython dependency to >= 3.1.50 via package manager (e.g., pip install --upgrade GitPython).
  3. Review application source code for calls to config_writer().set_value() and config_writer().add_section().
  4. Ensure input passed to these methods is heavily sanitized if derived from external sources.
  5. Deploy file integrity monitoring rules to alert on modifications to repository .git/config files introducing new hooksPath directives.

References

Read the full report for GHSA-MV93-W799-CJ2W on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)