USN-8303-1
- Source
- https://ubuntu.com/security/notices/USN-8303-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-8303-1
- Upstream
- Related
- Published
- 2026-05-26T21:52:45Z
- Modified
- 2026-05-27T10:32:49.665850585Z
- Summary
- python-git vulnerabilities
- Details
-
Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-41040)
Wes Ring discovered that GitPython did not properly block certain unsafe Git options when they were provided as Python keyword arguments. An attacker could possibly use this issue to cause arbitrary command execution. (CVE-2026-42215)
It was discovered that GitPython did not properly validate clone options before processing them. An attacker could possibly use this issue to inject unsafe Git configuration, leading to arbitrary command execution through Git hooks. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-42284)
It was discovered that GitPython did not properly validate reference paths during reference operations. An attacker could possibly use this issue to write, overwrite, move, or delete files outside the repository. (CVE-2026-44243)
Dan Aridor discovered that GitPython did not properly validate configuration values before writing them to Git configuration files. An attacker could possibly use this issue to inject unsafe Git configuration, leading to arbitrary command execution through Git hooks. (CVE-2026-44244)
- References
Affected packages
Ubuntu:Pro:14.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.3.2~RC1-3ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "python-git",
"binary_version": "0.3.2~RC1-3ubuntu0.1~esm3"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2023-41040"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:16.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps-legacy%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4
Affected versions
1.*
1.0.1+git137-gc8b8379-1
1.0.1+git137-gc8b8379-2
1.0.1+git137-gc8b8379-2.1
1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1
1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "python-git",
"binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4"
},
{
"binary_name": "python3-git",
"binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2023-41040"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:18.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.8-1ubuntu0.1~esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "python-git",
"binary_version": "2.1.8-1ubuntu0.1~esm4"
},
{
"binary_name": "python3-git",
"binary_version": "2.1.8-1ubuntu0.1~esm4"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2023-41040"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:20.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.7-1ubuntu0.1~esm4
Affected versions
2.*
2.1.11-1
3.*
3.0.4-1
3.0.5-1
3.0.7-1
3.0.7-1ubuntu0.1~esm1
3.0.7-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "python3-git",
"binary_version": "3.0.7-1ubuntu0.1~esm4"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2023-41040"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42284"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:22.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.24-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "python3-git",
"binary_version": "3.1.24-1ubuntu0.1~esm3"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2023-41040"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42284"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:24.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.37-3ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "python3-git",
"binary_version": "3.1.37-3ubuntu0.1~esm2"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42284"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"
Ubuntu:Pro:26.04:LTS
python-git
Package
- Name
- python-git
- Purl
- pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fresolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.46-1ubuntu0.1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "python3-git",
"binary_version": "3.1.46-1ubuntu0.1~esm1"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}Database specific
cves_map
{
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42215"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-42284"
},
{
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44243"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2026-44244"
}
]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8303-1.json"