UBUNTU-CVE-2026-44243

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-44243

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-44243

Upstream

CVE-2026-44243

Downstream

USN-8303-1

Related

USN-8303-1

Published

2026-05-07T19:16:00Z

Modified

2026-05-27T10:16:58.382378294Z

Severity

7.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. This issue has been patched in version 3.1.48.

References

Affected packages

Ubuntu:25.10

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.44-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-git",
            "binary_version": "3.1.44-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:14.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.2~RC1-3ubuntu0.1~esm3

Affected versions

0.*

0.3.2~RC1-2

0.3.2~RC1-3

0.3.2~RC1-3ubuntu0.1~esm1

0.3.2~RC1-3ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python-git",
            "binary_version": "0.3.2~RC1-3ubuntu0.1~esm3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:16.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps-legacy%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4

Affected versions

1.*

1.0.1+git137-gc8b8379-1

1.0.1+git137-gc8b8379-2

1.0.1+git137-gc8b8379-2.1

1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm1

1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python-git",
            "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4"
        },
        {
            "binary_name": "python3-git",
            "binary_version": "1.0.1+git137-gc8b8379-2.1ubuntu0.1~esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:18.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.8-1ubuntu0.1~esm4

Affected versions

2.*

2.1.5-1

2.1.6-1

2.1.7-1

2.1.8-1

2.1.8-1ubuntu0.1~esm1

2.1.8-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python-git",
            "binary_version": "2.1.8-1ubuntu0.1~esm4"
        },
        {
            "binary_name": "python3-git",
            "binary_version": "2.1.8-1ubuntu0.1~esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:20.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.7-1ubuntu0.1~esm4

Affected versions

2.*

2.1.11-1

3.*

3.0.4-1

3.0.5-1

3.0.7-1

3.0.7-1ubuntu0.1~esm1

3.0.7-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python3-git",
            "binary_version": "3.0.7-1ubuntu0.1~esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:22.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.24-1ubuntu0.1~esm3

Affected versions

3.*

3.1.14-1

3.1.23-1

3.1.24-1

3.1.24-1ubuntu0.1~esm1

3.1.24-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python3-git",
            "binary_version": "3.1.24-1ubuntu0.1~esm3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:24.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.37-3ubuntu0.1~esm2

Affected versions

3.*

3.1.30-1

3.1.37-1

3.1.37-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python3-git",
            "binary_version": "3.1.37-3ubuntu0.1~esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"

Ubuntu:Pro:26.04:LTS

python-git

Package

Name: python-git
Purl: pkg:deb/ubuntu/python-git?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.46-1ubuntu0.1~esm1

Affected versions

3.*

3.1.44-1

3.1.45-1

3.1.46-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "python3-git",
            "binary_version": "3.1.46-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44243.json"