Vulnerabilities in jelmer
5 resultsCVE-2026-42305HIGHDulwich has an arbitrary file write via NTFS-hostile tree entries on WindowsEPSS 0.6%CVE-2026-42563HIGHDulwich Vulnerable to Command Injection via Merge Driver PathEPSS 0.6%CVE-2026-52726HIGHDulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payloadEPSS 0.4%CVE-2026-47734MEDIUMDulwich has unbounded memory allocation in receive-pack from crafted thin packsEPSS 0.2%CVE-2026-47712LOWDulwich doesn't sanitize commit subjects in `porcelain.format_patch`EPSS 0.1%