### [CVE-2023-23618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23618)
![](https://img.shields.io/static/v1?label=Product&message=git&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.39.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%3A%20Untrusted%20Search%20Path&color=brighgreen)

### Description

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/9069332997/session-1-full-stack
- https://github.com/ARPSyndicate/cvemon
- https://github.com/KK-Designs/UpdateHub
- https://github.com/ycdxsb/ycdxsb