Description
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes - path separators (/, \), parent-directory components (..), and other filename-hostile characters (e.g. :) were preserved verbatim and passed straight into os.path.join(outdir, f"{i:04d}-{summary}.patch"). A malicious commit subject could therefore direct the generated patch file outside the requested outdir. This is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. dulwich.patch.get_summary now mirrors git's format_sanitized_subject: only `[A-Za-z0-9._]` are kept, runs of other characters collapse to a single -, consecutive . collapse to a single ., trailing ./- are stripped, and the result is length-limited. This makes the returned string safe to embed as a filename component, so format_patch can no longer be steered out of outdir via the commit subject. Until upgrading, callers that pass untrusted commits to porcelain.format_patch can use stdout=True and write the patch to a destination they control, rather than letting format_patch choose the filename; validate the chosen path before opening - e.g. compare os.path.realpath(returned_path) against os.path.realpath(outdir) and reject any patch whose resolved path is not inside outdir; and/or pre-screen commits and refuse to format any whose subject's first line contains /, \, .., or other characters that are not safe on the target filesystem.
Published: 2026-06-10
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dulwich, a pure‑Python Git implementation, concatenated the commit subject line into the output filename without removing or escaping path traversal characters. An attacker who can supply an untrusted commit to porcelain.format_patch could craft a subject that writes the generated patch outside the requested output directory, overwriting or creating arbitrary files and potentially exposing or tampering with system data.

Affected Systems

The vulnerability affects Dulwich versions released from 0.24.0 up to, but not including, 1.2.5. All users of the jelmer:dulwich library running these versions are impacted until the library is updated to 1.2.5 or newer.

Risk and Exploitability

The issue holds a CVSS score of 3.3, indicating low severity, and is not listed in the CISA KEV catalog. The exploit requires local control over the input to porcelain.format_patch; no network or remote attacker condition is stated, so the attack vector is likely local or within an application that processes untrusted commits. Because the path traversal is performed during filename construction, an attacker could write files to arbitrary locations under the effective user permissions of the process executing the library.

Generated by OpenCVE AI on June 10, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dulwich to version 1.2.5 or later.
  • If an upgrade cannot be performed, invoke porcelain.format_patch with stdout=True and write the patch to a path you control, verifying that the file name does not escape the desired directory by comparing os.path.realpath(returned_path) to the intended output directory.
  • Pre‑screen commit subjects and reject any whose first line contains characters such as /, \, .., or other unsafe filesystem symbols before calling format_patch.

Generated by OpenCVE AI on June 10, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-555p-6grf-mh7f Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
History

Wed, 10 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes - path separators (/, \), parent-directory components (..), and other filename-hostile characters (e.g. :) were preserved verbatim and passed straight into os.path.join(outdir, f"{i:04d}-{summary}.patch"). A malicious commit subject could therefore direct the generated patch file outside the requested outdir. This is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. dulwich.patch.get_summary now mirrors git's format_sanitized_subject: only `[A-Za-z0-9._]` are kept, runs of other characters collapse to a single -, consecutive . collapse to a single ., trailing ./- are stripped, and the result is length-limited. This makes the returned string safe to embed as a filename component, so format_patch can no longer be steered out of outdir via the commit subject. Until upgrading, callers that pass untrusted commits to porcelain.format_patch can use stdout=True and write the patch to a destination they control, rather than letting format_patch choose the filename; validate the chosen path before opening - e.g. compare os.path.realpath(returned_path) against os.path.realpath(outdir) and reject any patch whose resolved path is not inside outdir; and/or pre-screen commits and refuse to format any whose subject's first line contains /, \, .., or other characters that are not safe on the target filesystem.
Title Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T22:01:49.996Z

Reserved: 2026-05-19T21:29:25.481Z

Link: CVE-2026-47712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T23:16:48.650

Modified: 2026-06-10T23:16:48.650

Link: CVE-2026-47712

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:30:44Z

Weaknesses