fix(sdk): update dependency dulwich to v1 [security]#11388

Open
renovate[bot] wants to merge 1 commit into master from renovate/pypi-dulwich-vulnerability

Conversation

@renovate renovate Bot commented May 28, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package: dulwich
Type: project.dependencies
Update: major
Change: ==0.23.0 → ==1.2.5
OpenSSF: Scorecard

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

CVE-2026-42305 / GHSA-897w-fcg9-f6xj

Impact

Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows.

Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax:

  • \ — the Windows path separator. A single tree entry named .git\hooks\pre-commit.exe was treated as one valid filename on POSIX but materialized as nested directories .git/hooks/pre-commit.exe on Windows, planting a file inside the victim's .git directory. Git for Windows then
    executes that hook on the next git commit, giving the attacker arbitrary code execution in the victim's user context. The same primitive can be used with ..\outside.txt to escape the work tree.
  • : — the NTFS alternate-data-stream marker. .git::$INDEX_ALLOCATION writes directly into the victim's .git entity, bypassing the .git-as-a-directory check.
  • git~ — NTFS 8.3 short-name aliases of .git. Only the literal git~1 was rejected; git~2, git~10, GIT~1, etc. were all accepted.

Contributing configuration bugs made matters worse. The core.protectNTFS and core.protectHFS settings were looked up under a wrong option name and so user-set values were silently ignored, and core.protectNTFS only defaulted to true on Windows (Git upstream has defaulted it to true everywhere since CVE-2019-1353). Both have been corrected.

Anyone who clones, fetches, or checks out an untrusted repository with Dulwich on Windows - either through the Dulwich CLI, porcelain.clone, or any downstream tool built on Dulwich - is impacted. POSIX clones are not directly exploitable (on POSIX \ is a literal filename byte), but a POSIX user can unknowingly propagate a malicious tree to Windows consumers via push or re-publication.

Patches

Fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later.

The fix lives in three commits:

  • Read core.protectNTFS / core.protectHFS under their documented option names so user-set values are honored.
  • Default core.protectNTFS to true on every platform, matching Git's PROTECT_NTFS_DEFAULT=1.
  • Reject \, :, and all git~ 8.3 short-name forms in validate_path_element_ntfs.

Workarounds

There is no effective pre-patch workaround. On affected versions the core.protectNTFS configuration key was silently ignored, so setting it to true does not mitigate the issue. Users who cannot upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows. After upgrading the NTFS validator is on by default on every platform, so no additional configuration is required.

Resources
  • Git upstream path validation: https://github.com/git/git/blob/master/path.c (is_ntfs_dotgit, verify_path)
  • CVE-2019-1353 — the Git upstream vulnerability that established core.protectNTFS = true as the cross-platform default
  • CVE-2019-1354 — backslash-in-tree-path class in Git, analogous to this issue

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

dulwich/dulwich (dulwich)

v1.2.5: dulwich 1.2.5

This is a security release. All users are encouraged to upgrade.

Security fixes

  • GHSA-gfhv-vqv2-4544 -- Validate submodule paths in porcelain.submodule_update (and thus porcelain.clone(recurse_submodules=True)). A crafted upstream repository could carry a submodule whose path was .git/hooks (or any other path inside .git or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)

  • CVE-2026-42305 -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. validate_path_element_ntfs now also rejects Windows path separators, the alternate data stream marker :, NTFS 8.3 short-name aliases of .git, and reserved Windows device names. core.protectNTFS now defaults to true on every platform, and both core.protectNTFS and core.protectHFS are now read under their correct option names. (Reported by Christopher Toth)

  • CVE-2026-42563 -- Shell-quote values substituted into ProcessMergeDriver commands. A malicious branch could inject shell commands when a merge driver referencing %P was configured. (Reported by Ravishanker Kusuma (hayageek))

  • CVE-2026-47712 -- Sanitize commit subjects used in porcelain.format_patch filenames so a malicious subject (e.g. x/../../x) cannot direct the generated patch outside outdir. (Reported by Christopher Toth)

  • receive.maxInputSize -- Honour receive.maxInputSize in ReceivePackHandler. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge dest_size and trigger hundreds of MB of allocation over git-receive-pack. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)

v1.2.4

Tolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, #2192)

v1.2.3

v1.2.2

v1.2.1

Changes since 1.2.0

  • Derive the LFS endpoint as the remote's on-disk LFS store
    (<remote>/.git/lfs for worktrees, <remote>/lfs for bare repos)
    when remote.origin.url points at a local filesystem path or
    file:// URL, matching git-lfs behaviour. Previously the built-in
    smudge filter constructed an HTTP-style <remote>.git/info/lfs path
    that did not exist on disk, leaving LFS-tracked files as pointers
    when cloning from a local repo.

  • Deduplicate objects when writing a multi-pack-index. Objects present
    in multiple packs (e.g. after git gc creates a cruft pack) would
    otherwise produce an OIDL chunk with repeated SHAs, causing
    git multi-pack-index verify to fail with "oid lookup out of order".
    (#2152)

  • Extend ignorecase and precomposeunicode support to index lookups.
    (#1807)

v1.2.0: 1.2.0

Notable changes since 1.1.0

New features
  • Add am command and porcelain.am() for applying mailbox-style email patches (git am), with state persistence for --continue, --skip, --abort, and --quit recovery (#1692).
  • Add apply command and porcelain.apply_patch() for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and --3way merge fallback (#1784).
  • Expand log command options: --oneline, --abbrev-commit, --author, --committer, --grep, --since/--after, --until/--before, -n/--max-count, --no-merges, --merges, --stat, -p/--patch, --name-only, and --follow (#1779).
  • Add support for push options (-o/--push-option) in push, enabling AGit flow and other server-side push option workflows.
  • Add missing push options: --all, --tags, --delete, --dry-run, --prune, --set-upstream, --follow-tags, and --mirror (#1844).
  • Add support for atomic push operations (--atomic): either all ref updates succeed or none are applied (#1781).
  • Add support for extensions.relativeworktrees repository extension, allowing worktrees to use relative paths (#2112).

Configuration support
  • gc.pruneExpire — grace period before unreachable objects are pruned (#1859).
  • core.precomposeunicode — normalize NFD Unicode paths from macOS filesystems to NFC (#1804).
  • core.gitProxy — proxy command for git:// protocol connections (#1850).
  • core.maxStat — limit stat operations when checking for unstaged changes (#1853).
  • core.packedGitLimit — cap memory used for mmapped pack files, closing LRU packs when exceeded (#1848).
  • core.deltaBaseCacheLimit — cap memory used for caching delta base objects; defaults to 96 MiB (#1849).
  • http.userAgent — customize the User-Agent header (global and URL-specific); default is git/dulwich/{version}.

Fixes
  • Fix GPG signature verification to raise BadSignature for all GPG errors, not just BadSignatures; also detect when GPG returns no signatures.
  • Fix client incorrectly sending unborn argument in Git protocol v2 ls-refs requests to servers that don't advertise ls-refs=unborn, preventing clones from older servers like Gerrit 3.12.2 (#2104).
  • Improve error message in read_info_refs() to show the actual line content when parsing fails (#2103).
  • Preserve quoted trailing whitespace in config values (#2145, Christopher Toth).
  • Fix .gitignore parent re-include handling so a later !dir/ re-include allows a subsequent file-level negation to take effect (#2141, N0zoM1z0).
  • Fix host key verification in contrib/paramiko_vendor.py by loading known hosts and rejecting unknown SSH host keys by default (#2123, quart27219).

Packaging
  • No longer ship contrib/ as part of the distribution. The contrib/ directory has always been documented as unsupported and is now excluded from the installed package (#2122).

v1.1.0: 1.1.0

Full Changelog: jelmer/dulwich@dulwich-1.0.0...dulwich-1.1.0

v1.0.0: 1.0.0

Full Changelog: jelmer/dulwich@dulwich-0.25.2...dulwich-1.0.0

v0.25.2: dulwich-0.25.1

Full Changelog: jelmer/dulwich@dulwich-0.25.1...dulwich-0.25.2

v0.25.1

Full Changelog: jelmer/dulwich@dulwich-0.25.0...dulwich-0.25.1

v0.25.0: v0.25.0

Full Changelog: jelmer/dulwich@dulwich-0.24.10...dulwich-0.25.0

v0.24.10: 0.24.10

Full Changelog: jelmer/dulwich@dulwich-0.24.9...dulwich-0.24.10

v0.24.9

  • Fix passing key_filename and ssh_command parameters to SSHGitClient by @skshetry

  • Relax check to support subclasses of Urllib3HttpGitClient. Fixes
    regression from 0.24.2 where subclasses of Urllib3HttpGitClient would
    not receive the config object. by @skshetry

  • Fix test_concurrent_ref_operations_compatibility test flakiness by @jelmer

  • Fix warnings in test suite by @jelmer

Full Changelog: jelmer/dulwich@dulwich-0.24.8...dulwich-0.24.9

v0.24.8

Full Changelog: jelmer/dulwich@dulwich-0.24.7...dulwich-0.24.8

v0.24.7: 0.24.7

Full Changelog: jelmer/dulwich@dulwich-0.24.6...dulwich-0.24.7

v0.24.6: 0.24.6

Full Changelog: jelmer/dulwich@dulwich-0.24.5...dulwich-0.24.6

v0.24.5: 0.24.5

Full Changelog: jelmer/dulwich@dulwich-0.24.4...dulwich-0.24.5

v0.24.4: 0.24.4

Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.4

v0.24.3: 0.24.3

Full Changelog: jelmer/dulwich@dulwich-0.24.2...dulwich-0.24.3

v0.24.2: 0.24.2

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Europe/Madrid)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
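
The tree-entry validator described in the advisory's Impact and Patches sections above, as an added example that is not dulwich's own code: an independent re-implementation of the Windows/NTFS checks the fix introduces (backslash and colon bytes, .git in every NTFS-equivalent spelling, git~N 8.3 aliases) plus the reserved-device-name check named in the 1.2.5 release notes. The function name follows the one the advisory mentions; the body, the helper names and the sample entries are constructed here for the demonstration.

```python
import re

# Added example, not dulwich's code: the NTFS rules from the advisory, re-implemented so they can be read and tested alone.

# Windows device names, reserved with or without an extension ("nul.txt" is NUL).
_RESERVED_DEVICES = {b"con", b"prn", b"aux", b"nul"} | {
    f"{dev}{n}".encode() for dev in ("com", "lpt") for n in range(1, 10)
}

# NTFS 8.3 short names of ".git": GIT~1, GIT~2, GIT~10, ... (case-insensitive).
_GIT_SHORT_NAME = re.compile(rb"^git~[0-9]+$")


def ntfs_canonical(element: bytes) -> bytes:
    """Normalise as NTFS does on create: case-fold and drop trailing dots and
    spaces, so ".GIT." and ".git " both compare equal to ".git"."""
    return element.rstrip(b". ").lower()


def validate_path_element_ntfs(element: bytes) -> bool:
    """Return True if a single tree-entry name is safe to materialise on NTFS.

    Rejects empty or dot names; bytes Windows reads as path syntax (the '\\'
    separator, the ':' drive and alternate-data-stream marker); .git in any
    NTFS-equivalent spelling; git~N aliases of .git; reserved device names."""
    if element in (b"", b".", b".."):
        return False
    if any(c in element for c in (b"\\", b"/", b":", b"\0")):
        return False
    canon = ntfs_canonical(element)
    if canon == b".git" or _GIT_SHORT_NAME.match(canon):
        return False
    # The device name wins over any extension: "con.txt" still opens CON.
    return canon.split(b".", 1)[0] not in _RESERVED_DEVICES


def validate_tree_path(path: bytes) -> bool:
    """Validate every slash-separated component of a full tree path."""
    return all(validate_path_element_ntfs(p) for p in path.split(b"/"))


# Constructed sample entries: benign names next to the shapes the advisory
# says slipped past the old validator.
SAMPLE_ENTRIES = [
    b"README.md", b".gitignore", b"git1",
    b".git\\hooks\\pre-commit.exe", b"..\\outside.txt",
    b".git::$INDEX_ALLOCATION", b"GIT~1", b"git~10", b".GIT.", b"nul.txt",
]


def rejected_entries(entries):
    """Return the entries a hardened checkout must refuse to write."""
    return [e for e in entries if not validate_path_element_ntfs(e)]
```

Because the check runs on raw tree-entry bytes rather than on the host filesystem, it gives the same verdict on a POSIX machine that only relays the repository to Windows consumers.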

@renovate renovate Bot requested a review from a team as a code owner May 28, 2026 22:53
@renovate renovate Bot added the security label May 28, 2026
@github-actions

⚠️ Changes detected in the following folders without a corresponding update to the CHANGELOG.md:

  • prowler (root dependency files changed)

Please add an entry to the corresponding CHANGELOG.md file to maintain a clear history of changes.

@github-actions github-actions Bot added the community Opened by the Community label May 28, 2026
@github-actions

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@github-actions

🔒 Container Security Scan

Image: prowler:ac5c87d
Last scan: 2026-05-28 22:59:33 UTC

📊 Vulnerability Summary

Severity Count
🔴 Critical 13
Total 13

8 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

  • Review the detailed scan results
  • Update affected packages to patched versions
  • Consider using a different base image if updates are unavailable

codecov Bot commented May 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.24%. Comparing base (81226cd) to head (fc1735b).
⚠️ Report is 2 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (81226cd) and HEAD (fc1735b).

HEAD has 1 upload less than BASE
Flag api: 1 report on BASE (81226cd), 0 on HEAD (fc1735b)
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11388      +/-   ##
==========================================
- Coverage   93.95%   85.24%   -8.72%     
==========================================
  Files         237     1834    +1597     
  Lines       34901    61207   +26306     
==========================================
+ Hits        32792    52177   +19385     
- Misses       2109     9030    +6921     
Flag Coverage Δ
api ?
prowler-py3.10-aws 90.09% <ø> (?)
prowler-py3.10-azure 89.50% <ø> (?)
prowler-py3.10-config 85.23% <ø> (?)
prowler-py3.10-gcp 89.85% <ø> (?)
prowler-py3.10-github 89.15% <ø> (?)
prowler-py3.10-googleworkspace 87.85% <ø> (?)
prowler-py3.10-iac 88.91% <ø> (?)
prowler-py3.10-kubernetes 89.51% <ø> (?)
prowler-py3.10-lib 85.24% <ø> (?)
prowler-py3.10-m365 89.14% <ø> (?)
prowler-py3.10-mongodbatlas 88.82% <ø> (?)
prowler-py3.10-nhn 89.24% <ø> (?)
prowler-py3.10-okta 89.29% <ø> (?)
prowler-py3.10-openstack 87.41% <ø> (?)
prowler-py3.10-oraclecloud 87.18% <ø> (?)
prowler-py3.10-scaleway 87.61% <ø> (?)
prowler-py3.10-stackit 87.45% <ø> (?)
prowler-py3.10-vercel 87.68% <ø> (?)
prowler-py3.11-aws 90.09% <ø> (?)
prowler-py3.11-azure 89.50% <ø> (?)
prowler-py3.11-config 85.18% <ø> (?)
prowler-py3.11-gcp 89.85% <ø> (?)
prowler-py3.11-github 89.15% <ø> (?)
prowler-py3.11-googleworkspace 87.79% <ø> (?)
prowler-py3.11-iac 88.84% <ø> (?)
prowler-py3.11-kubernetes 89.51% <ø> (?)
prowler-py3.11-lib 85.19% <ø> (?)
prowler-py3.11-m365 89.07% <ø> (?)
prowler-py3.11-mongodbatlas 88.75% <ø> (?)
prowler-py3.11-nhn 89.24% <ø> (?)
prowler-py3.11-okta 89.29% <ø> (?)
prowler-py3.11-openstack 87.35% <ø> (?)
prowler-py3.11-oraclecloud 87.11% <ø> (?)
prowler-py3.11-scaleway 87.56% <ø> (?)
prowler-py3.11-stackit 87.40% <ø> (?)
prowler-py3.11-vercel 87.62% <ø> (?)
prowler-py3.12-aws 90.09% <ø> (?)
prowler-py3.12-azure 89.50% <ø> (?)
prowler-py3.12-config 85.24% <ø> (?)
prowler-py3.12-gcp 89.86% <ø> (?)
prowler-py3.12-github 89.15% <ø> (?)
prowler-py3.12-googleworkspace 87.86% <ø> (?)
prowler-py3.12-iac 88.93% <ø> (?)
prowler-py3.12-kubernetes 89.51% <ø> (?)
prowler-py3.12-lib 85.25% <ø> (?)
prowler-py3.12-m365 89.16% <ø> (?)
prowler-py3.12-mongodbatlas 88.83% <ø> (?)
prowler-py3.12-nhn 89.25% <ø> (?)
prowler-py3.12-okta 89.30% <ø> (?)
prowler-py3.12-openstack 87.43% <ø> (?)
prowler-py3.12-oraclecloud 87.19% <ø> (?)
prowler-py3.12-scaleway 87.63% <ø> (?)
prowler-py3.12-stackit 87.47% <ø> (?)
prowler-py3.12-vercel 87.69% <ø> (?)

Flags with carried forward coverage won't be shown.

Components Coverage Δ
prowler 85.24% <ø> (∅)
api ∅ <ø> (∅)
