CVE-2020-27955
Git LFS on Windows is vulnerable to remote code execution when cloning a malicious repo, due to Go behavior that may execute a current-directory binary (git.bat/git.exe). The issue is a known incomplete fix for CVE-2020-27955 and is discussed across advisories (GHSA-CX3W-XQMC-84G5; GHSA-4G4P-42WC...