6 matches found

Prion
added 2024/01/11 2:15 a.m. | 22 views

Design/Logic Flaw

GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features is used on...

CVSS 4.4 | AI score 7 | EPSS 0.00371
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2024/01/11 1:23 a.m. | 13 views

CVE-2024-22190 Untrusted search path under some conditions on Windows allows arbitrary code execution

GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run git, as well as when it runs bash.exe to interpret hooks. If either of those features is used on...

CVSS 7.8 | AI score 7.8 | EPSS 0.00353
Exploits: 0 | References: 3
RedhatCVE
added 2023/08/29 10:45 p.m. | 14 views

CVE-2023-40590

A flaw was found in Python/Windows. When resolving a program, it searches the current working directory first, followed by the PATH environment. GitPython defaults to using the git command; if a user runs GitPython from a repo that has a git.exe or git executable, that program will run instead of the one in...

CVSS 7.8 | AI score 6.3 | EPSS 0.00371
Exploits: 1 | References: 5
AlpineLinux
added 2022/07/12 9:15 p.m. | 33 views

CVE-2022-31012

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...

CVSS 8.2 | AI score 4 | EPSS 0.00083
Exploits: 0
Veracode
added 2022/04/21 8:41 a.m. | 20 views

Arbitrary Code Execution

github.com/git-lfs/git-lfs is vulnerable to arbitrary code execution. A remote attacker is able to inject and execute malicious ..exe programs on a targeted system when Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in any...

CVSS 9.8 | AI score 3.2 | EPSS 0.00264
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2016/11/11 5:0 p.m. | 30 views

CVE-2016-9274

CVE-2016-9274: In Git for Windows 1.x, an untrusted search path vulnerability allows local privilege escalation via a Trojan horse git.exe in the current working directory. The issue affects Git for Windows 1.x; Git 2.x is not affected. The root cause is the ability to execute a malicious git.ex...

CVSS 7.8 | AI score 7.6 | EPSS 0.00355
Exploits: 1 | References: 3 | Affected Software: 1