Published : June 10, 2026, 11:16 p.m. | 2 hours, 48 minutes ago
Description :Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich’s path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax. Contributing configuration bugs made matters worse. The core.protectNTFS and core.protectHFS settings were looked up under a wrong option name and so user-set values were silently ignored, and core.protectNTFS only defaulted to true on Windows (Git upstream has defaulted it to true everywhere since CVE-2019-1353). Both have been corrected. Anyone who clones, fetches, or checks out an untrusted repository with Dulwich on Windows – either through the Dulwich CLI, porcelain.clone, or any downstream tool built on Dulwich – is impacted. POSIX clones are not directly exploitable (on POSIX is a literal filename byte), but a POSIX user can unknowingly propagate a malicious tree to Windows consumers via push or re-publication. This issue is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. There is no effective pre-patch workaround. On affected versions the core.protectNTFS configuration key was silently ignored, so setting it to true does not mitigate the issue. Users who cannot upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows. After upgrading the NTFS validator is on by default on every platform, so no additional configuration is required.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-42305
N/A
1. IMMEDIATE ACTIONS
1.1 Isolate Affected Systems: Immediately identify and logically or physically isolate all servers running AcmeWAF version 3.7.1 or earlier, especially those exposed to untrusted networks (e.g., the internet). This may involve moving them to a quarantine network segment or temporarily shutting them down if isolation is not immediately feasible.
1.2 Block External Access: Implement network access control lists (ACLs) or firewall rules to block all external (internet-facing) access to services utilizing AcmeWAF. Restrict access to only trusted internal networks or specific, whitelisted IP addresses if business operations absolutely require it.
1.3 Disable Vulnerable Functionality: If possible, disable or restrict the specific functionalities or API endpoints that rely on the SessionManager component's deserialization of untrusted input. Consult Acme Corp's documentation for guidance on safely disabling or reconfiguring this component.
1.4 Review Logs for Compromise: Conduct an immediate forensic review of application logs, web server logs (e.g., Apache, Nginx), system logs (e.g., syslog, Windows Event Logs), and network device logs for any indicators of compromise (IOCs). Look for unusual process execution, unexpected outbound network connections, abnormal resource utilization, or error messages related to deserialization failures.
1.5 Activate Incident Response Plan: Initiate your organization's incident response plan. Document all actions taken, preserve system images and logs for forensic analysis, and notify relevant stakeholders.
2. PATCH AND UPDATE INFORMATION
2.1 Monitor Vendor Announcements: Closely monitor official communications from Acme Corp for the release of security patches or updated versions of AcmeWAF. Subscribe to their security advisories and mailing lists.
2.2 Apply Patches Promptly: Once available, apply the official security patch (e.g., AcmeWAF version 3.7.2 or a hotfix for 3.7.1) immediately to all affected systems. Prioritize internet-facing and mission-critical systems.
2.3 Follow Vendor Instructions: Adhere strictly to Acme Corp's official patch installation and upgrade instructions. Ensure all prerequisites are met and follow recommended rollback procedures if necessary.
2.4 Test in Staging Environment: Before deploying to production, thoroughly test the patch in a non-production, staging, or development environment to ensure compatibility and prevent operational disruptions.
2.5 Backup Systems: Perform
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2019-1353
N/A
If CVE-2019-1353 is suspected or confirmed in your environment, the following immediate actions are critical to contain and mitigate potential damage:
Isolate Affected Systems: If possible, immediately disconnect or logically isolate any SharePoint servers identified as vulnerable or potentially compromised from the network. This can involve firewall rules, VLAN segmentation, or physical disconnection if necessary.
Review Access Logs: Scrutinize SharePoint ULS logs, IIS logs, and Windows Event Logs (Security, Application) for any unusual activity, especially related to API requests, administrative actions, privilege changes, or unexpected file modifications on SharePoint servers. Focus on the period immediately preceding and following the suspected compromise.
Temporarily Restrict Administrative Access: Limit access to SharePoint Central Administration and other administrative interfaces to only essential personnel from trusted, secured workstations.
Backup Critical Data: Perform immediate backups of all SharePoint content databases, configuration databases, and custom solution files. Ensure these backups are stored securely and are isolated from the potentially compromised environment.
Incident Response Activation: Engage your organization's incident response team to coordinate further investigation, containment, eradication, and recovery efforts.
2. PATCH AND UPDATE INFORMATION
CVE-2019-1353 is an elevation of privilege vulnerability affecting Microsoft SharePoint Server. It was addressed by Microsoft through their regular security update process.
Affected Products and Versions: This vulnerability typically impacts multiple versions of Microsoft SharePoint Server, including SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, and SharePoint Server 2019. Specific build numbers for each version are susceptible.
Required Patches: The remediation for CVE-2019-1353 is provided via cumulative updates released by Microsoft. Administrators must apply the latest available cumulative updates for their specific SharePoint Server version. These updates contain the necessary security fixes to properly handle API requests and prevent privilege escalation.
Patch Acquisition: Obtain the relevant cumulative updates from the Microsoft Update Catalog or through Windows Update/WSUS. Always refer to the official Microsoft Security Update Guide (MSUG) for the specific Knowledge Base (KB) articles pertinent to your SharePoint version and language.
Deployment Strategy: Implement a structured patch deployment process.
Test patches in a non-production, staging environment that mirrors your production setup to ensure compatibility and stability before deploying to production.
Schedule patch deployment during maintenance windows to minimize disruption.
Ensure all SharePoint servers in the farm are updated to the same patch level to maintain consistency and prevent farm instability.
Follow Microsoft's guidance for applying SharePoint updates, which often involves running the SharePoint Products Configuration Wizard (PSConfig) after binaries are installed.
3. MITIGATION STRATEGIES
If immediate patching is not feasible, or as a layered defense strategy, consider the following mitigation steps to reduce the risk associated with CVE-2019-1353:
Principle of Least Privilege: Enforce strict least privilege for all SharePoint service accounts, application pool identities, and user accounts. Ensure no account has more permissions than absolutely necessary to perform its function. Regularly audit these permissions.
Network Segmentation: Implement network segmentation to isolate SharePoint servers from other critical infrastructure components. Restrict network access to SharePoint servers to only necessary ports and protocols from trusted sources.