Veath1

**Name of the Vulnerable Software and Affected Versions** Git for Windows versions prior to 2.39.2 **Description** The issue is related to the Windows port of the revision control system Git. By carefully crafting a DLL and placing it into a subdirectory of a specific name next to the Git for Windows installer, Windows can be tricked into side-loading the DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. **Recommendations** For Git for Windows versions prior to 2.39.2, update to version 2.39.2 to resolve the issue. As a temporary workaround, never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.