You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
gitk can inadvertently call executables in the worktree
High
derrickstolee
published
GHSA-wxwv-49qw-35pmFeb 14, 2023
Package
git-for-windows
Affected versions
<=2.39.1
Patched versions
2.39.2
Description
Impact
When gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code.
ycdxsb Analyst
Impact
When
gitkis run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code.Patches
Workarounds
Avoid using
gitk(or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.References