{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"HIGH" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44243" }, { "summary":"CVE-2026-44243 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-44243.json" }, { "summary":"openEuler-SA-2026-2308", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2308" }, { "summary":"CVE-2026-44243", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-44243&packageName=python-GitPython" } ], "title":"openEuler cve CVE-2026-44243", "tracking":{ "initial_release_date":"2026-05-18T10:35:18+08:00", "revision_history":[ { "date":"2026-05-18T10:35:18+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-05-18T10:35:18+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-05-18T10:35:18+08:00", "id":"CVE-2026-44243", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python-GitPython-3.1.49-1.oe2403sp3.src.rpm", "name":"python-GitPython-3.1.49-1.oe2403sp3.src.rpm" }, "name":"python-GitPython-3.1.49-1.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python-GitPython-help-3.1.49-1.oe2403sp3.noarch.rpm", "name":"python-GitPython-help-3.1.49-1.oe2403sp3.noarch.rpm" }, "name":"python-GitPython-help-3.1.49-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-GitPython-3.1.49-1.oe2403sp3.noarch.rpm", "name":"python3-GitPython-3.1.49-1.oe2403sp3.noarch.rpm" }, "name":"python3-GitPython-3.1.49-1.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python-GitPython-3.1.49-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python-GitPython-3.1.49-1.oe2403sp3.src", "name":"python-GitPython-3.1.49-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python-GitPython-help-3.1.49-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python-GitPython-help-3.1.49-1.oe2403sp3.noarch", "name":"python-GitPython-help-3.1.49-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-GitPython-3.1.49-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-GitPython-3.1.49-1.oe2403sp3.noarch", "name":"python3-GitPython-3.1.49-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-44243", "notes":[ { "text":"A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"python-GitPython security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2308" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-44243" } ] }