GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists

...

CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in the current directory, if it exists

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...

CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in the current directory, if it exists

Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed doskey.exe would be executed silently upon running Git CMD. The problem ha...

Remote Command Execution

reg-keygen-git-hash-plugin is vulnerable to remote command execution. An attacker is able to inject and execute arbitrary OS commands via various functions in git-cmd-client.ts...