CVE-2023-23618 Information
Feb 15, 2023
cve
Description
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows it may inadvertently run executables from the current directory, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using gitk (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
Reference
https://github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pm
https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c
https://wiki.tcl-lang.org/page/exec
https://github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1