Unrated severityNVD Advisory· Published Feb 14, 2023· Updated Mar 10, 2025
gitk can inadvertently call executables in the worktree
CVE-2023-23618
Description
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using gitk (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.39.2+ 1 more
- (no CPE)range: <2.39.2
- (no CPE)range: < 2.39.2
Patches
Vulnerability mechanics
References
4- github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05cmitrex_refsource_MISC
- github.com/git-for-windows/git/releases/tag/v2.39.2.windows.1mitrex_refsource_MISC
- github.com/git-for-windows/git/security/advisories/GHSA-wxwv-49qw-35pmmitrex_refsource_CONFIRM
- wiki.tcl-lang.org/page/execmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.