Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31012— Git for Windows' installer can be tricked into executing an untrusted binary

CVSS 8.2 · High EPSS 0.06% · P19
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31012

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Git for Windows' installer can be tricked into executing an untrusted binary
Source: NVD (National Vulnerability Database)
Vulnerability Description
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\`.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可信的搜索路径
Source: NVD (National Vulnerability Database)
Vulnerability Title
Git for Windows 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Git for Windows是Git groups的用于 Windows 的 Git。 Git for Windows v2.37.1之前版本存在代码问题漏洞,该漏洞源于安装程序可能会被欺骗执行不受信任的二进制文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
git-for-windowsgit < 2.37.1 -

II. Public POCs for CVE-2022-31012

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-31012

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: git
Same vendor: git-for-windows
Same weakness: CWE-426

V. Comments for CVE-2022-31012

No comments yet

Leave a comment