{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/gitpython-3.1.30-3.1.46/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["GitPython (3.1.30-3.1.46)"],"_cs_severities":["high"],"_cs_tags":["command-injection","gitpython","vulnerability"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eGitPython, a library providing programmatic interaction with Git repositories, is susceptible to a command injection vulnerability in versions 3.1.30 to 3.1.46. The vulnerability stems from insufficient validation of keyword arguments (kwargs) passed to functions like \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, and \u003ccode\u003eRemote.push()\u003c/code\u003e. Specifically, when underscore-form kwargs (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e) are used, they bypass the intended safety checks designed to prevent the execution of arbitrary commands via Git options like \u003ccode\u003e--upload-pack\u003c/code\u003e. This occurs because the validation logic only checks for hyphenated forms (e.g., \u003ccode\u003eupload-pack\u003c/code\u003e). Attackers can exploit this by injecting malicious commands through these kwargs, even when \u003ccode\u003eallow_unsafe_options\u003c/code\u003e is set to its default value of \u003ccode\u003eFalse\u003c/code\u003e. This issue was reported on April 25, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a web application or system that uses GitPython to manage Git repositories.\u003c/li\u003e\n\u003cli\u003eThe attacker finds an endpoint or function where they can control kwargs passed to \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload, using underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e, setting their value to a command they want to execute (e.g., a shell script path or a direct command).\u003c/li\u003e\n\u003cli\u003eThe application or system, using a vulnerable version of GitPython, receives these kwargs and bypasses the intended safety check.\u003c/li\u003e\n\u003cli\u003eGitPython\u0026rsquo;s \u003ccode\u003eGit.transform_kwarg()\u003c/code\u003e method converts the underscore-form kwargs into their corresponding hyphenated Git options (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e becomes \u003ccode\u003e--upload-pack\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe Git command is executed with the attacker-controlled option, leading to arbitrary command execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access, potentially stealing credentials, modifying repositories, or moving laterally within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to severe consequences, especially in web applications, CI/CD systems, and automation tools that rely on GitPython for repository management. Attackers could steal SSH keys, API tokens, cloud credentials, or other sensitive information. They could also modify repositories, build outputs, or release artifacts, leading to supply chain attacks. In CI/CD environments, this vulnerability could enable lateral movement from worker nodes or compromise the entire automation infrastructure. The number of affected systems depends on the prevalence of vulnerable GitPython versions in exposed applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GitPython to version 3.1.47 or later to remediate the vulnerability (affected_products).\u003c/li\u003e\n\u003cli\u003eReview code that uses \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e and ensure that kwargs are properly validated to prevent attacker-controlled input (references).\u003c/li\u003e\n\u003cli\u003eImplement input validation to block underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e before they are passed to GitPython functions (references).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect GitPython Kwarg Command Injection\u003c/code\u003e to identify potential exploitation attempts in application logs (rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T10:00:00Z","date_published":"2024-01-09T10:00:00Z","id":"/briefs/2024-01-09-gitpython-cmd-injection/","summary":"GitPython versions 3.1.30 through 3.1.46 are vulnerable to command injection by passing attacker-controlled kwargs into `Repo.clone_from()`, `Remote.fetch()`, `Remote.pull()`, or `Remote.push()`, leading to arbitrary command execution due to bypassed safety checks.","title":"GitPython Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-09-gitpython-cmd-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — GitPython (3.1.30-3.1.46)","version":"https://jsonfeed.org/version/1.1"}