{"uuid": "9fdc54a6-88d9-4dbb-be03-846f5f5da086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44244", "type": "seen", "source": "https://gist.github.com/alon710/be4c0540ec919d713e0bd6ccf621615c", "content": "# GHSA-MV93-W799-CJ2W: Remote Code Execution via Config Section Injection in GitPython\n\n> **CVSS Score:** 7.8\n> **Published:** 2026-05-08\n> **Full Report:** https://cvereports.com/reports/GHSA-MV93-W799-CJ2W\n\n## Summary\nGitPython versions prior to 3.1.50 are vulnerable to a newline injection attack in the `config_writer()` and `set_value()` methods. An incomplete fix for CVE-2026-44244 failed to sanitize the configuration section parameter, allowing an attacker to inject malicious Git configuration blocks such as `[core]` and override the `hooksPath`. This leads to unauthenticated remote code execution when subsequent Git operations trigger the injected hooks.\n\n## TL;DR\nNewline injection in GitPython's config_writer section parameter allows attackers to override core.hooksPath and achieve Remote Code Execution.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-94, CWE-150\n- **Attack Vector**: Local (via Application Input)\n- **CVSS Base Score**: 7.8 (High)\n- **Exploit Status**: Proof of Concept Available\n- **Impact**: Remote Code Execution via Git Hooks\n- **Patched Version**: 3.1.50\n\n## Affected Systems\n\n- GitPython pip package\n- **GitPython**: < 3.1.50 (Fixed in: `3.1.50`)\n\n## Mitigation\n\n- Upgrade the GitPython pip package to version 3.1.50 or later.\n- Implement application-level input validation to sanitize user input passed to the GitPython API.\n- Reject or strip newline characters (\\n, \\r) from configuration section variables.\n- Monitor .git/config files for anomalous structures and unexpected hooksPath entries.\n\n**Remediation Steps:**\n1. Identify all projects utilizing the GitPython library within the environment.\n2. Update the GitPython dependency to >= 3.1.50 via package manager (e.g., pip install --upgrade GitPython).\n3. Review application source code for calls to `config_writer().set_value()` and `config_writer().add_section()`.\n4. Ensure input passed to these methods is heavily sanitized if derived from external sources.\n5. Deploy file integrity monitoring rules to alert on modifications to repository `.git/config` files introducing new `hooksPath` directives.\n\n## References\n\n- [GitHub Advisory Database: GHSA-MV93-W799-CJ2W](https://github.com/advisories/GHSA-MV93-W799-CJ2W)\n- [GitPython Security Advisories](https://github.com/gitpython-developers/GitPython/security/advisories)\n- [GitLab Advisory Database: GHSA-mv93-w799-cj2w](https://advisories.gitlab.com/advisories/GHSA-mv93-w799-cj2w)\n- [NVD Detail (Related CVE-2026-44244)](https://nvd.nist.gov/vuln/detail/CVE-2026-44244)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-MV93-W799-CJ2W) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-09T05:40:29.000000Z"}