https://vulnerability.circl.lu/sightings/feed 2026-05-31T19:23:02.443127+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/b502554d-ccd5-4943-81cd-6e2f8fbab4b5/export 2026-05-31T19:23:02.814959+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "b502554d-ccd5-4943-81cd-6e2f8fbab4b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44244", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbwrbrdff2c", "content": "\ud83d\udfe0 CVE-2026-44244 - High (7.8)\n\nGitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, Gi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44244/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T19:21:06.496423Z"} 2026-05-07T19:21:06.496423+00:00 https://vulnerability.circl.lu/sighting/8443c2e0-3774-4895-8006-75222e8db7f0/export 2026-05-31T19:23:02.814859+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "8443c2e0-3774-4895-8006-75222e8db7f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44244", "type": "seen", "source": "https://bsky.app/profile/cybercod.bsky.social/post/3mlbyihsuwt26", "content": "Thanks for the heads-up on CVE-2026-44244! For GitPython users, prioritizing an update to v3.1.49+ is crucial to patch this high-severity vulnerability. Stay secure!", "creation_timestamp": "2026-05-07T19:51:57.494571Z"} 2026-05-07T19:51:57.494571+00:00 https://vulnerability.circl.lu/sighting/4156f385-e49e-489e-9c88-3a0b10787594/export 2026-05-31T19:23:02.814729+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4156f385-e49e-489e-9c88-3a0b10787594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlc54yti6r2c", "content": "CVE-2026-44244 - GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath\nCVE ID : CVE-2026-44244\n \n Published : May 7, 2026, 7:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : GitPython is a python library used to interact with Git repositori...", "creation_timestamp": "2026-05-07T21:15:01.513255Z"} 2026-05-07T21:15:01.513255+00:00 https://vulnerability.circl.lu/sighting/9fdc54a6-88d9-4dbb-be03-846f5f5da086/export 2026-05-31T19:23:02.812840+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "9fdc54a6-88d9-4dbb-be03-846f5f5da086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44244", "type": "seen", "source": "https://gist.github.com/alon710/be4c0540ec919d713e0bd6ccf621615c", "content": "# GHSA-MV93-W799-CJ2W: GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython\n\n> **CVSS Score:** 7.8\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/GHSA-MV93-W799-CJ2W\n\n## Summary\nGitPython versions prior to 3.1.50 are vulnerable to a newline injection attack in the `config_writer()` and `set_value()` methods. An incomplete fix for CVE-2026-44244 failed to sanitize the configuration section parameter, allowing an attacker to inject malicious Git configuration blocks such as `[core]` and override the `hooksPath`. This leads to unauthenticated remote code execution when subsequent Git operations trigger the injected hooks.\n\n## TL;DR\nNewline injection in GitPython's config_writer section parameter allows attackers to override core.hooksPath and achieve Remote Code Execution.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-94, CWE-150\n- **Attack Vector**: Local (via Application Input)\n- **CVSS Base Score**: 7.8 (High)\n- **Exploit Status**: Proof of Concept Available\n- **Impact**: Remote Code Execution via Git Hooks\n- **Patched Version**: 3.1.50\n\n## Affected Systems\n\n- GitPython pip package\n- **GitPython**: < 3.1.50 (Fixed in: `3.1.50`)\n\n## Mitigation\n\n- Upgrade GitPython pip package to version 3.1.50 or later.\n- Implement application-level input validation to sanitize user input passed to GitPython API.\n- Reject or strip newline characters (\\n, \\r) from configuration section variables.\n- Monitor .git/config files for anomalous structures and unexpected hooksPath entries.\n\n**Remediation Steps:**\n1. Identify all projects utilizing the GitPython library within the environment.\n2. Update the GitPython dependency to >= 3.1.50 via package manager (e.g., pip install --upgrade GitPython).\n3. Review application source code for calls to `config_writer().set_value()` and `config_writer().add_section()`.\n4. Ensure input passed to these methods is heavily sanitized if derived from external sources.\n5. Deploy file integrity monitoring rules to alert on modifications to repository `.git/config` files introducing new `hooksPath` directives.\n\n## References\n\n- [GitHub Advisory Database: GHSA-MV93-W799-CJ2W](https://github.com/advisories/GHSA-MV93-W799-CJ2W)\n- [GitPython Security Advisories](https://github.com/gitpython-developers/GitPython/security/advisories)\n- [GitLab Advisory Database: GHSA-mv93-w799-cj2w](https://advisories.gitlab.com/advisories/GHSA-mv93-w799-cj2w)\n- [NVD Detail (Related CVE-2026-44244)](https://nvd.nist.gov/vuln/detail/CVE-2026-44244)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-MV93-W799-CJ2W) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-09T05:40:29.000000Z"} 2026-05-09T05:40:29+00:00