
GitPython Critical Vulnerability - 20260603002

Overview

GitPython is a Python library used to interact with Git repositories. Git have addressed a critical vulnerability in GitPython where Git applies the config and executes attacker hooks during clone in all versions prior to 3.1.47.

What is vulnerable?

| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| GitPython | All versions prior to 3.1.47 | CVE-2026-42284 | 9.8 | Critical |
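
A check for the affected range in the table above, added here as an example and not WASOC or GitPython project code: it flags GitPython pins below 3.1.47 in a requirements file and tests the package installed in the current environment. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = (3, 1, 47)  # first fixed GitPython release, from the advisory

def is_affected(version):
    """True if `version` sorts before 3.1.47 (pre-releases of 3.1.47 included)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # '3.1' compares as 3.1.0
    if release == FIXED:  # 3.1.47rc1 / 3.1.47.dev0 predate the fix
        return bool(re.match(r"[._-]?(a|b|rc|dev)", m.group(2), re.I))
    return release < FIXED

# Requirement line for GitPython: name, optional [extras], then the specifier.
LINE = re.compile(r"^\s*gitpython(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^;#]*)", re.I)

def scan_requirements(text):
    """Return (line_no, specifier, verdict) for GitPython lines needing action.

    Exact '==' pins are judged directly; ranges, wildcards and bare names
    depend on what the resolver picks, so they are reported as 'review'.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue
        spec = m.group(1).strip()
        pin = re.fullmatch(r"==\s*([^\s,*]+)", spec)
        try:
            if pin is None:
                findings.append((n, spec, "review"))
            elif is_affected(pin.group(1)):
                findings.append((n, spec, "affected"))
        except ValueError:
            findings.append((n, spec, "review"))
    return findings

def installed_affected():
    """True/False for the GitPython in this environment, None if not installed."""
    try:
        return is_affected(metadata.version("GitPython"))
    except metadata.PackageNotFoundError:
        return None

# Constructed sample requirements file (not taken from any real project).
SAMPLE = "requests==2.32.3\nGitPython==3.1.46\ngitpython==3.1.47\nGitPython>=3.1.0\n"

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), installed_affected())
```
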

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

Additional References