USN-8303-1: GitPython vulnerabilities

Publication date

26 May 2026

Overview

Several security issues were fixed in GitPython.


Packages

  • python-git - A Python library used to interact with Git repositories

Details

Santos Gallegos discovered that GitPython did not properly validate
paths when resolving certain Git references. An attacker could possibly
use this issue to cause files outside the .git directory to be accessed,
leading to a denial of service. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
22.04 LTS. (CVE-2023-41040)

Wes Ring discovered that GitPython did not properly block certain unsafe
Git options when they were provided as Python keyword arguments. An
attacker could possibly use this issue to cause arbitrary command
execution. (CVE-2026-42215)

It was discovered that GitPython did not properly validate clone options
before processing them. An attacker could possibly use this issue to
inject unsafe Git configuration, leading to arbitrary command execution
through Git hooks. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-42284)

It was discovered that GitPython did not properly validate reference
paths during reference operations. An attacker could possibly use this
issue to write, overwrite, move, or delete files outside the repository.
(CVE-2026-44243)
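The two reference-path issues above (CVE-2023-41040, CVE-2026-44243) are both failures to keep a caller-supplied ref name inside the repository's .git directory. The following is an added example of the containment check a library in GitPython's position needs; it is written for this page and is not GitPython's code or a description of its patch. The syntactic rules are a subset of git's own check-ref-format rules, and the repository layout built in demo_symlink_escape is constructed for the demonstration.

```python
"""Containment check for Git reference names: a ref such as
"refs/heads/main" is a file under <repo>/.git, so any name that would
resolve outside that directory (via "..", an absolute path, or a
symlinked subdirectory) must be refused before it is read or written."""
import os
import tempfile

# Characters git forbids in ref names: control chars, DEL, space and ~^:?*[\
_FORBIDDEN_CHARS = set("~^:?*[\\") | {chr(c) for c in range(32)} | {chr(127), " "}


def check_ref_name(ref_name: str) -> None:
    """Syntactic rules (subset of git check-ref-format): no empty, '.' or
    '..' components, no '..' anywhere, no component starting with '.' or
    ending in '.lock', no forbidden characters, no '@{', no trailing '/'."""
    if not ref_name or ref_name.endswith("/"):
        raise ValueError("empty ref name or trailing slash")
    if ".." in ref_name or "@{" in ref_name or any(ch in _FORBIDDEN_CHARS for ch in ref_name):
        raise ValueError(f"forbidden character sequence in {ref_name!r}")
    for part in ref_name.split("/"):
        if part in ("", ".") or part.startswith(".") or part.endswith(".lock"):
            raise ValueError(f"bad path component {part!r} in {ref_name!r}")


def resolve_ref_path(git_dir: str, ref_name: str) -> str:
    """Return the absolute file path for ref_name inside git_dir, raising
    ValueError if the name is malformed or resolves outside git_dir."""
    check_ref_name(ref_name)
    base = os.path.realpath(git_dir)
    target = os.path.realpath(os.path.join(base, *ref_name.split("/")))
    # realpath follows symlinks in the already-existing part of the path,
    # so a refs/ subdirectory symlinked to a location outside .git is caught
    # even though the name itself contains no '..'.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"{ref_name!r} resolves outside {base}")
    return target


def is_contained(git_dir: str, ref_name: str) -> bool:
    try:
        resolve_ref_path(git_dir, ref_name)
        return True
    except ValueError:
        return False


def demo_symlink_escape():
    """Constructed repository: .git/refs/out is a symlink pointing outside
    the git directory.  Returns True when the escape is rejected and the
    legitimate ref is accepted, None if the host cannot create symlinks."""
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = os.path.join(tmp, "repo", ".git")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(git_dir, "refs", "heads"))
        os.makedirs(outside)
        try:
            os.symlink(outside, os.path.join(git_dir, "refs", "out"))
        except OSError:
            return None
        return is_contained(git_dir, "refs/heads/main") and not is_contained(git_dir, "refs/out/secret")


if __name__ == "__main__":
    for name in ("refs/heads/main", "HEAD", "../../etc/passwd", "/etc/passwd", "refs/heads/main.lock"):
        print(f"{name!r:28} contained={is_contained('/srv/repo/.git', name)}")
    print("symlink escape rejected:", demo_symlink_escape())
```

The realpath comparison is a defence in depth behind the syntactic rules: it is what catches the symlink case, but it is a check-then-act sequence, so a writer that must also defeat a concurrent symlink swap should open the final path with O_NOFOLLOW on the last component rather than rely on this check alone.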

Dan Aridor discovered that GitPython did not properly validate
configuration values before writing them to Git configuration files. An
attacker could possibly use this issue to inject unsafe Git
configuration, leading to arbitrary command execution through Git hooks.
(CVE-2026-44244)
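CVE-2026-42215, CVE-2026-42284 and CVE-2026-44244 share one root cause: text that git will interpret as an option or a configuration entry reached git without being checked in the form git actually sees. As an added example (written for this page; not GitPython's code and not a description of its fix) the block below shows the weak option check beside a hardened one that normalises the Python keyword spelling to the flag it becomes, and a config-entry validator that refuses executable keys and values able to smuggle extra lines into the file. Both deny-lists are assumed, non-exhaustive illustrations.

```python
"""Guards against git option and config injection.  The option check
treats "--upload-pack=x" and upload_pack="x" identically; the config
validator refuses keys git executes and values with control characters."""
import re

# Clone options that make git run a command or inject configuration.
UNSAFE_CLONE_OPTIONS = {"--upload-pack", "-u", "--config", "-c"}

# Config keys whose value git executes (directly, or as a hook location).
# Stored lower-case: section and variable names are case-insensitive in git.
UNSAFE_CONFIG_KEYS = {
    "core.hookspath", "core.fsmonitor", "core.sshcommand", "core.gitproxy",
    "core.pager", "core.editor", "diff.external", "credential.helper",
}


def kwarg_to_option(name: str) -> str:
    """Python keyword -> git flag by the usual dashify convention:
    upload_pack -> --upload-pack, u -> -u."""
    return "-" + name if len(name) == 1 else "--" + name.replace("_", "-")


def option_name(option: str) -> str:
    """Flag name without its value: --upload-pack=x -> --upload-pack,
    -cfoo=bar -> -c, -u -> -u; positional arguments are returned unchanged."""
    if option.startswith("--"):
        return option.split("=", 1)[0]
    if option.startswith("-"):
        return option[:2]
    return option


def check_options_strings_only(options, kwargs) -> bool:
    """Weak check: only the positional option strings are inspected, so an
    option passed as a keyword argument is never seen.  True = allowed."""
    return all(option_name(o) not in UNSAFE_CLONE_OPTIONS for o in options)


def check_options(options, kwargs) -> bool:
    """Hardened check: normalise both spellings to flag names first."""
    names = [option_name(o) for o in options] + [kwarg_to_option(k) for k in kwargs]
    return all(n not in UNSAFE_CLONE_OPTIONS for n in names)


# section.name or section.subsection.name; the subsection may not contain
# control characters, '"' or '\' (git would need to escape those).
_KEY_RE = re.compile(r'[A-Za-z][A-Za-z0-9-]*(\.[^\x00-\x1f\x7f"\\]+)?\.[A-Za-z][A-Za-z0-9-]*')
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def render_config_entry(key: str, value: str) -> str:
    """What a naive writer appends to .git/config.  A value containing a
    newline therefore adds arbitrary further lines, e.g. a [core] section
    setting hooksPath."""
    section, _, name = key.rpartition(".")
    first, _, sub = section.partition(".")
    header = f'[{first} "{sub}"]' if sub else f"[{first}]"
    return f"{header}\n\t{name} = {value}\n"


def validate_config_entry(key: str, value: str) -> bool:
    """Refuse malformed keys, keys git executes, and values that could
    smuggle extra lines into the file.  Returns True or raises ValueError."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError(f"malformed config key: {key!r}")
    if key.lower() in UNSAFE_CONFIG_KEYS:
        raise ValueError(f"refusing to write executable config key: {key}")
    if _CONTROL_RE.search(value):
        raise ValueError("config value contains a control character")
    return True


def is_safe_config_entry(key: str, value: str) -> bool:
    try:
        return validate_config_entry(key, value)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed attacker-controlled inputs.
    evil_kwargs = {"upload_pack": "/tmp/x"}
    print("strings-only check allows keyword form:", check_options_strings_only(["--depth=1"], evil_kwargs))
    print("normalised check allows keyword form:  ", check_options(["--depth=1"], evil_kwargs))
    smuggled = "x\n[core]\n\thooksPath = /tmp/h"
    print(render_config_entry("user.name", smuggled))
    print("value accepted:", is_safe_config_entry("user.name", smuggled))
```

A real writer still has to apply git's own quoting for `"`, `\`, `;`, `#` and leading or trailing whitespace in values; this validator only closes the line-injection and executable-key paths. Where the caller is untrusted, an allow-list of permitted keys is stronger than the deny-list shown here.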


Update instructions

In general, a standard system update will make all the necessary changes. Note that every fixed version below carries an ~esm suffix: these packages are published through Ubuntu Pro's Expanded Security Maintenance repositories (esm-apps for Universe packages such as python-git), so a host must be attached to Ubuntu Pro with that service enabled for the update to be offered.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release          Package           Version
26.04 LTS (resolute)    python-git-doc    3.1.46-1ubuntu0.1~esm1
                        python3-git       3.1.46-1ubuntu0.1~esm1
24.04 LTS (noble)       python-git-doc    3.1.37-3ubuntu0.1~esm2
                        python3-git       3.1.37-3ubuntu0.1~esm2
22.04 LTS (jammy)       python-git-doc    3.1.24-1ubuntu0.1~esm3
                        python3-git       3.1.24-1ubuntu0.1~esm3
20.04 LTS (focal)       python-git-doc    3.0.7-1ubuntu0.1~esm4
                        python3-git       3.0.7-1ubuntu0.1~esm4
18.04 LTS (bionic)      python-git        2.1.8-1ubuntu0.1~esm4
                        python-git-doc    2.1.8-1ubuntu0.1~esm4
                        python3-git       2.1.8-1ubuntu0.1~esm4
16.04 LTS (xenial)      python-git        1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4
                        python-git-doc    1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4
                        python3-git       1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4
14.04 LTS (trusty)      python-git        0.3.2~RC1-3ubuntu0.1~esm3
