![]() Is there known malware, which exploits this vulnerability? into a download folder) and execute it on the system by tricking the victim to launch the Git for Windows installer from that directory. A remote attacker can place a malicious DLL file into a subdirectory of a specific name next to the Git for Windows installer (e.g. dll libraries in Git for Windows installer. The vulnerability exists due to insecure loading of. *cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:* versions up to (excluding) 2.35.2Ĭpe:2.The vulnerability allows a remote attacker co compromise the affected system. ![]() ![]() Initial Analysis by NIST 10:10:36 PM Action Reference No Types Mailing List, Patch, Third Party Advisory Modified Analysis by NIST 10:37:47 PM Action Reference No Types Mailing List, Third Party Advisory Modified Analysis by NIST 9:27:16 AM Action Mailing List Third Party List Patch Third Party List Patch Third Party List Third Party List Third Party List Third Party List Patch Third Party List Third Party List Third Party List Third Party Advisory Please address comments about this page to List Third Party Advisory Further, NIST does notĮndorse any commercial products that may be mentioned on Not necessarily endorse the views expressed, or concur with Sites that are more appropriate for your purpose. Inferences should be drawn on account of other sites being May have information that would be of interest to you. We have provided these links to other web sites because they ![]() References to Advisories, Solutions, and Toolsīy selecting these links, you will be leaving NIST webspace. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. The problem has been patched in Git for Windows v2.35.2. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Git would then respect any config in said Git directory. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Git for Windows is a fork of Git containing Windows-specific patches.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |