Tag

Newline-Injection

3 briefs RSS

GitPython config_writer() Newline Injection Bypasses CVE-2026-42215 Patch

An incomplete patch for CVE-2026-42215 in GitPython allows newline injection in the section parameter of the config_writer() function, enabling arbitrary .git/config modification and remote code execution via core.hooksPath.

GitPython newline-injection rce code-injection

2r 3t 1c May 8, 2026

critical advisory

Gotenberg Unauthenticated RCE via ExifTool Metadata Key Injection

3 rules 1 TTP

Gotenberg version 8.29.1 is vulnerable to unauthenticated remote code execution (RCE) due to newline injection in metadata keys passed to ExifTool, allowing arbitrary command execution via the `-if` flag.

Gotenberg 8.29.1 gotenberg rce exiftool newline-injection cwe-78

3r 1t Jan 3, 2024

high advisory

GitPython config_writer().set_value() Newline Injection RCE

2 rules 1 TTP

A newline injection vulnerability in GitPython's `config_writer().set_value()` function enables remote code execution by manipulating the `core.hooksPath` Git configuration.

GitPython newline injection remote code execution config poisoning

2r 1t Jan 2, 2024