PT-2026-47549 · Pypi · Dulwich
Published
2026-06-08
·
Updated
2026-06-08
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Impact
dulwich.porcelain.format patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get summary only replaced spaces with dashes - path separators (/, ), parent-directory components (..), and other filename-hostile characters (e.g. :) were preserved verbatim and passed straight into os.path.join(outdir, f"{i:04d}-{summary}.patch").
A malicious commit subject could therefore direct the generated patch file outside the requested outdir. Reduced examples:
- x/../../x produced /0001-x/../../x.patch, resolving two directories above outdir.
- x....x produced the equivalent escape on Windows, here is also a path separator.
Related issues from the same root cause:
- Subjects containing characters that are illegal in Windows filenames (e.g. :) caused format patch to fail outright on Windows, where git would have succeeded.
- Very long subjects produced excessively long filenames that could exceed filesystem limits; git truncates them.
Anyone calling porcelain.format patch (or the dulwich format-patch CLI) against untrusted commits - for example, a service that runs format-patch over user-supplied repositories or pull requests - could have patch files written to attacker-chosen locations within the process's write permissions.
Patches
Fixed in Dulwich 1.2.5. Users should upgrade.
dulwich.patch.get summary now mirrors git's format sanitized subject: only
[A-Za-z0-9. ] are kept, runs of other characters collapse to a single -, consecutive . collapse to a single ., trailing ./- are stripped, and the result is length-limited. This makes the returned string safe to embed as a filename component, so format patch can no longer be steered out of outdir via the commit subject.Workarounds
Until upgrading, callers that pass untrusted commits to porcelain.format patch can:
- Use stdout=True and write the patch to a destination they control, rather than letting format patch choose the filename.
- Validate the chosen path before opening - e.g. compare os.path.realpath(returned path) against os.path.realpath(outdir) and reject any patch whose resolved path is not inside outdir.
- Pre-screen commits and refuse to format any whose subject's first line contains /, , .., or other characters that are not safe on the target filesystem.
Resources
- Fix commit: https://github.com/jelmer/dulwich/commit/c2446e51b
- Affected API: dulwich.porcelain.format patch / dulwich format-patch
- Reference behavior: git's format sanitized subject in pretty.c
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dulwich