admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-23618.md

21 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-23618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23618)
![](https://img.shields.io/static/v1?label=Product&message=git&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.39.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%3A%20Untrusted%20Search%20Path&color=brighgreen)
### Description
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/9069332997/session-1-full-stack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/KK-Designs/UpdateHub
- https://github.com/ycdxsb/ycdxsb
Reference in New Issue Copy Permalink