Vendor

Gitpython

2 briefs RSS

GitPython config_writer() Newline Injection Bypasses CVE-2026-42215 Patch

An incomplete patch for CVE-2026-42215 in GitPython allows newline injection in the section parameter of the config_writer() function, enabling arbitrary .git/config modification and remote code execution via core.hooksPath.

GitPython newline-injection rce code-injection

2r 3t 1c May 8, 2026

high advisory

GitPython config_writer().set_value() Newline Injection RCE

2 rules 1 TTP

A newline injection vulnerability in GitPython's `config_writer().set_value()` function enables remote code execution by manipulating the `core.hooksPath` Git configuration.

GitPython newline injection remote code execution config poisoning

2r 1t Jan 2, 2024