dulwich

vulnerable: 0.0.1 ... 0.9.8 (33 versions)

The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

vulnerable: 0.0.1 ... 0.9.8 (33 versions)

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

vulnerable: 0.0.1 ... 0.9.9 (56 versions)

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, C…

vulnerable: 0.10.0 ... 1.2.4 (133 versions)

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repo…

vulnerable: 0.24.0 ... 1.2.4 (21 versions)

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker …

vulnerable: 0.24.0 ... 1.2.4 (21 versions)

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Pr…

vulnerable: 0.1.0 ... 1.2.4 (166 versions)

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes) whose delta header declares a …