{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/gitpython/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2023-40267"}],"_cs_exploited":false,"_cs_products":["GitPython"],"_cs_severities":["high"],"_cs_tags":["gitpython","code-execution","git-hooks","command-injection"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eGitPython before version 3.1.47 is susceptible to a command execution vulnerability. The issue stems from how the \u003ccode\u003e_clone()\u003c/code\u003e function validates the \u003ccode\u003emulti_options\u003c/code\u003e parameter used in the \u003ccode\u003eclone_from()\u003c/code\u003e, \u003ccode\u003eclone()\u003c/code\u003e, or \u003ccode\u003eSubmodule.update()\u003c/code\u003e methods. Specifically, the validation occurs on the original list of options before the \u003ccode\u003eshlex.split\u003c/code\u003e transformation. This allows an attacker to craft a string like \u003ccode\u003e\u0026quot;--branch main --config core.hooksPath=/x\u0026quot;\u003c/code\u003e which passes the initial validation because it starts with a safe option (\u003ccode\u003e--branch\u003c/code\u003e). However, after the string is split into tokens, the \u003ccode\u003e--config\u003c/code\u003e option becomes active, allowing the attacker to inject a malicious \u003ccode\u003ecore.hooksPath\u003c/code\u003e configuration. This configuration points Git to a directory containing attacker-controlled Git hooks, which are then executed during the clone operation. This vulnerability is similar in nature to CVE-2023-40267.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable application using GitPython to clone repositories.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious string containing a Git configuration option, such as \u003ccode\u003e--config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e, embedded within a seemingly benign option string like \u003ccode\u003e--branch main --config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects this malicious string into the \u003ccode\u003emulti_options\u003c/code\u003e parameter of the \u003ccode\u003eclone_from()\u003c/code\u003e, \u003ccode\u003eclone()\u003c/code\u003e, or \u003ccode\u003eSubmodule.update()\u003c/code\u003e methods.\u003c/li\u003e\n\u003cli\u003eGitPython\u0026rsquo;s \u003ccode\u003e_clone()\u003c/code\u003e function validates the \u003ccode\u003emulti_options\u003c/code\u003e parameter using \u003ccode\u003eGit.check_unsafe_options()\u003c/code\u003e \u003cem\u003ebefore\u003c/em\u003e it is processed by \u003ccode\u003eshlex.split()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eBecause the malicious string starts with a safe option (\u003ccode\u003e--branch\u003c/code\u003e), it bypasses the validation check.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eshlex.split()\u003c/code\u003e function then transforms the string into a list of individual options, making the \u003ccode\u003e--config\u003c/code\u003e option active.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egit clone\u003c/code\u003e command is executed with the injected \u003ccode\u003e--config core.hooksPath=/path/to/malicious/hooks\u003c/code\u003e option, causing Git to use the attacker-controlled directory for Git hooks.\u003c/li\u003e\n\u003cli\u003eGit executes the malicious hooks (e.g., \u003ccode\u003epost-checkout\u003c/code\u003e), resulting in arbitrary code execution on the victim\u0026rsquo;s machine.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the system where the GitPython library is used. Any application that passes user-supplied input to the \u003ccode\u003emulti_options\u003c/code\u003e parameter of the affected functions is vulnerable. This can lead to complete system compromise, data exfiltration, or denial of service. The vulnerability affects GitPython versions prior to 3.1.47.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GitPython to version 3.1.47 or later to patch the vulnerability (Affected Packages).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for any user-supplied input used to construct the \u003ccode\u003emulti_options\u003c/code\u003e parameter to prevent injection of malicious Git configurations (Code).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for the execution of unexpected processes from directories specified as \u003ccode\u003ecore.hooksPath\u003c/code\u003e (see Sigma rule \u003ccode\u003eDetect Suspicious Git Hook Execution\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T12:00:00Z","date_published":"2024-01-23T12:00:00Z","id":"/briefs/2024-01-23-gitpython-hook-execution/","summary":"A vulnerability in GitPython versions prior to 3.1.47 allows for command execution during repository cloning by manipulating the `multi_options` parameter to inject malicious Git configurations, such as `core.hooksPath`, leading to the execution of attacker-controlled hooks.","title":"GitPython Vulnerability Allows Arbitrary Code Execution via Git Hooks","url":"https://feed.craftedsignal.io/briefs/2024-01-23-gitpython-hook-execution/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["GitPython (3.1.30-3.1.46)"],"_cs_severities":["high"],"_cs_tags":["command-injection","gitpython","vulnerability"],"_cs_type":"advisory","_cs_vendors":["pip"],"content_html":"\u003cp\u003eGitPython, a library providing programmatic interaction with Git repositories, is susceptible to a command injection vulnerability in versions 3.1.30 to 3.1.46. The vulnerability stems from insufficient validation of keyword arguments (kwargs) passed to functions like \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, and \u003ccode\u003eRemote.push()\u003c/code\u003e. Specifically, when underscore-form kwargs (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e) are used, they bypass the intended safety checks designed to prevent the execution of arbitrary commands via Git options like \u003ccode\u003e--upload-pack\u003c/code\u003e. This occurs because the validation logic only checks for hyphenated forms (e.g., \u003ccode\u003eupload-pack\u003c/code\u003e). Attackers can exploit this by injecting malicious commands through these kwargs, even when \u003ccode\u003eallow_unsafe_options\u003c/code\u003e is set to its default value of \u003ccode\u003eFalse\u003c/code\u003e. This issue was reported on April 25, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a web application or system that uses GitPython to manage Git repositories.\u003c/li\u003e\n\u003cli\u003eThe attacker finds an endpoint or function where they can control kwargs passed to \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload, using underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e, setting their value to a command they want to execute (e.g., a shell script path or a direct command).\u003c/li\u003e\n\u003cli\u003eThe application or system, using a vulnerable version of GitPython, receives these kwargs and bypasses the intended safety check.\u003c/li\u003e\n\u003cli\u003eGitPython\u0026rsquo;s \u003ccode\u003eGit.transform_kwarg()\u003c/code\u003e method converts the underscore-form kwargs into their corresponding hyphenated Git options (e.g., \u003ccode\u003eupload_pack\u003c/code\u003e becomes \u003ccode\u003e--upload-pack\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe Git command is executed with the attacker-controlled option, leading to arbitrary command execution on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access, potentially stealing credentials, modifying repositories, or moving laterally within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to severe consequences, especially in web applications, CI/CD systems, and automation tools that rely on GitPython for repository management. Attackers could steal SSH keys, API tokens, cloud credentials, or other sensitive information. They could also modify repositories, build outputs, or release artifacts, leading to supply chain attacks. In CI/CD environments, this vulnerability could enable lateral movement from worker nodes or compromise the entire automation infrastructure. The number of affected systems depends on the prevalence of vulnerable GitPython versions in exposed applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GitPython to version 3.1.47 or later to remediate the vulnerability (affected_products).\u003c/li\u003e\n\u003cli\u003eReview code that uses \u003ccode\u003eRepo.clone_from()\u003c/code\u003e, \u003ccode\u003eRemote.fetch()\u003c/code\u003e, \u003ccode\u003eRemote.pull()\u003c/code\u003e, or \u003ccode\u003eRemote.push()\u003c/code\u003e and ensure that kwargs are properly validated to prevent attacker-controlled input (references).\u003c/li\u003e\n\u003cli\u003eImplement input validation to block underscore-form kwargs such as \u003ccode\u003eupload_pack\u003c/code\u003e or \u003ccode\u003ereceive_pack\u003c/code\u003e before they are passed to GitPython functions (references).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect GitPython Kwarg Command Injection\u003c/code\u003e to identify potential exploitation attempts in application logs (rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T10:00:00Z","date_published":"2024-01-09T10:00:00Z","id":"/briefs/2024-01-09-gitpython-cmd-injection/","summary":"GitPython versions 3.1.30 through 3.1.46 are vulnerable to command injection by passing attacker-controlled kwargs into `Repo.clone_from()`, `Remote.fetch()`, `Remote.pull()`, or `Remote.push()`, leading to arbitrary command execution due to bypassed safety checks.","title":"GitPython Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-09-gitpython-cmd-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Gitpython","version":"https://jsonfeed.org/version/1.1"}