Unrated severity · NVD Advisory · Published Feb 14, 2023 · Updated Mar 10, 2025

gitk can inadvertently call executables in the worktree

CVE-2023-23618

Description

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running untrusted code. A patch is available in version 2.39.2. As a workaround, avoid using gitk (or Git GUI's "Visualize History" functionality) in clones of untrusted repositories.

Affected products

  • Git for Windows / Git (no CPE), range: < 2.39.2
