CVE-2021-29468

Name of the Vulnerable Software and Affected Versions: Cygwin Git versions prior to 2.31.1-2

Description: A specially crafted repository containing symbolic links and files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The issue allows an attacker to execute code when a user checks out a repository from an untrusted source. As a mitigation measure, users should not clone or pull from repositories from untrusted sources.

Recommendations: For versions prior to 2.31.1-2, update to Cygwin Git version 2.31.1-2 to resolve the issue. As a temporary workaround, consider avoiding the use of git checkout from untrusted repositories until the issue is resolved. Restrict access to untrusted repositories to minimize the risk of exploitation.