摘要:
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
安全等级: Low
公告ID: KylinSec-SA-2023-1091
发布日期: 2023年2月20日
关联CVE: CVE-2023-23618
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using `gitk` (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-23618 | KY3.4-4A | git | Unaffected |
| CVE-2023-23618 | KY3.4-5A | git | Unaffected |
| CVE-2023-23618 | KY3.5.1 | git | Unaffected |
| CVE-2023-23618 | KY3.5.2 | git | Unaffected |
