git is vulnerable to Path Traversal. In the windows port of Git, no localized messages are shipped with the installer. As a result, Git is expected not to localize messages at all, and skips the gettext initialization which could be exploited.
www.openwall.com/lists/oss-security/2023/04/25/2
axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack
github.com/git-for-windows/git/releases/tag/v2.40.1.windows.1
github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8
github.com/msys2/MINGW-packages/pull/10461
lists.fedoraproject.org/archives/list/[email protected]/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/
lists.fedoraproject.org/archives/list/[email protected]/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/
lists.fedoraproject.org/archives/list/[email protected]/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/
pubs.opengroup.org/onlinepubs/9699919799/functions/printf.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.gentoo.org/glsa/202312-15