7 matches found
CVE-2022-24767
CVE-2022-24767 affects Git for Windows prior to 2.35.2, where the uninstaller is vulnerable to DLL hijacking when executed under the SYSTEM account. Root cause: the uninstaller loads a malicious DLL from a user-writable path, enabling potential arbitrary code execution or compromise of the host as de...
CVE-2023-25815
CVE-2023-25815 (Git for Windows) affects the Windows port of Git where gettext initialization could read fake localized messages from C:; this enables low-privilege users with local write access to inject malicious messages that Git may display. The issue arises because gettext() now uses a hard-...
CVE-2023-23618
Summary: CVE-2023-23618 affects Git for Windows (Windows port of Git). Prior to version 2.39.2, running gitk on Windows can cause executables from the current directory to be executed inadvertently, which could be exploited via social engineering to trick users into running untrusted code. Affect...
CVE-2023-29011
Summary of CVE-2023-29011 (Git for Windows): The Windows port of Git ships with connect.exe, a SOCKS5 proxy, which reads a config file at a hard-coded path (/etc/connectrc). On Windows this path is interpreted as C:\etc\connectrc, which an authenticated user on a multi-user system can create or m...
CVE-2023-29012
CVE-2023-29012 affects Git for Windows: prior to version 2.40.1, starting Git CMD in an untrusted directory could silently execute a maliciously placed doskey.exe due to a mis-specified search path. The vulnerability is addressed in Git for Windows v2.40.1; remediation is to upgrade. Workarounds ...
CVE-2023-22743
Git for Windows prior to 2.39.2 is vulnerable to DLL side-loading: an attacker with local write access can place a malicious DLL next to the installer and trigger elevation during upgrades. Version 2.39.2 includes a fix. Workarounds mention not leaving untrusted files in the Downloads folder (or ...
CVE-2016-9274
CVE-2016-9274: In Git for Windows 1.x, an untrusted search path vulnerability allows local privilege escalation via a Trojan horse git.exe in the current working directory. The issue affects Git for Windows 1.x; Git 2.x is not affected. The root cause is the ability to execute a malicious git.ex...