CVE-2022-41953

CWE-426 | 4 documents | 3 sources
Severity: 7.8 HIGH
EPSS: 0.8% (top 26.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 17; latest update Feb 14

Description

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking fo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: git-for-windows/git < 2.39.1
NVD: git-scm/git < 2.39.1

Patches

🔴 Vulnerability Details (1)

CVEList: Git clone remote code execution vulnerability in git-for-windows (2023-01-17)

📋 Vendor Advisories (2)

Microsoft: GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability (2023-02-14)
Microsoft: Git clone remote code execution vulnerability in git-for-windows (2023-01-10)