Two new security vulnerabilities have recently been identified in Git.
These vulnerabilities are only exploitable if Git is used on a Windows instance or a multi-user machine.
Each vulnerability has been assigned its own CVE: CVE-2022-24765 and CVE-2022-24767.

1. CVE-2022-24765: If exploited, this vulnerability could lead to an arbitrary code execution attack. Users running Git on multi-user Windows machines are at the highest risk. .git directory, and then cause git invocations to occur outside of the repository. A few variables, such as core.fsmonitor, are able to execute commands, which leads to arbitrary code execution attacks.

2. CVE-2022-24767: This vulnerability is only exploitable through the Git for Windows uninstaller, which runs in the temporary directory of the user. Any authenticated user can inject a malicious .dll file, as the C:\Windows\Temp directory is world-writable.