Gitforwindows Git
By the Year
In 2024 there have been 0 vulnerabilities in Gitforwindows Git . Git did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 7.40 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.80 |
It may take a day or so for new Git vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Gitforwindows Git Security Vulnerabilities
Git for Windows is a fork of Git that contains Windows-specific patches
CVE-2022-31012
7.3 - High
- July 12, 2022
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.
Untrusted Path
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd
CVE-2021-46101
7.5 - High
- January 31, 2022
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution
CVE-2018-11235
7.8 - High
- May 30, 2018
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Gitforwindows? Click the Watch button to subscribe.