Gitforwindows Git vulnerabilities

CVE-2022-31012 [HIGH] CWE-426 CVE-2022-31012: Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versi Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are availab

CVE-2021-46101 [HIGH] CVE-2021-46101: In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.

CVE-2018-11235 [HIGH] CWE-22 CVE-2018-11235: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then ap