Tag

Config Poisoning

1 brief RSS

GitPython config_writer().set_value() Newline Injection RCE

A newline injection vulnerability in GitPython's `config_writer().set_value()` function enables remote code execution by manipulating the `core.hooksPath` Git configuration.

GitPython newline injection remote code execution config poisoning

2r 1t Jan 2, 2024