PT-2022-3619 · Unknown · Git For Windows

俞晨东 · Published 2022-07-12 · Updated 2024-04-11 · CVE-2022-31012

CVSS v3.1: 8.2 High
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Git for Windows versions prior to 2.37.1

Description

The issue is related to the Git for Windows installer executing a binary located at C:\mingw64\bin\git.exe by mistake. This occurs only during a fresh install, not when upgrading, and is due to an unreliable path search. Exploitation of this issue may allow an attacker to execute arbitrary code. A patch is included in version 2.37.1.

Recommendations

For versions prior to 2.37.1, update to version 2.37.1 to resolve the issue. As a temporary workaround, create the C:\mingw64 folder and remove read/write access from this folder. Alternatively, disallow arbitrary authenticated users from creating folders in C:\ to minimize the risk of exploitation.
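The interim workaround above, as an added PowerShell example that is not part of the advisory: it creates the C:\mingw64 placeholder, restricts it to SYSTEM and Administrators, and then lists which principals may create folders directly under C:\. The paths come from the advisory; the function names are assumptions of this example.

```powershell
# Added example, not the advisory's own code: apply and verify the interim
# workaround on a host that cannot yet move to Git for Windows 2.37.1.
# Run from an elevated (Administrator) PowerShell 5.1+ session.
$placeholder = 'C:\mingw64'   # path taken from the advisory

function Protect-Placeholder {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting the permissive C:\ defaults and keep only SYSTEM and
    # Administrators, so ordinary users can neither read nor write the folder
    # (and therefore cannot plant bin\git.exe inside it).
    $acl.SetAccessRuleProtection($true, $false)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($principal in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $principal, 'FullControl', $inherit, $prop, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Test-RootCreateDirectories {
    # Report every principal allowed to create subfolders directly under C:\.
    # A default Windows install grants this to Authenticated Users, which is
    # the condition the advisory's alternative workaround asks you to remove.
    param([string]$Root = 'C:\')
    $create = [System.Security.AccessControl.FileSystemRights]::CreateDirectories
    (Get-Acl -LiteralPath $Root).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.PropagationFlags -notmatch 'InheritOnly' -and
            ($_.FileSystemRights -band $create) -eq $create
        } |
        Select-Object IdentityReference, FileSystemRights, InheritanceFlags
}

Protect-Placeholder -Path $placeholder
icacls $placeholder                     # show the resulting, non-inherited ACL
Test-RootCreateDirectories | Format-Table -AutoSize
```

Remove the placeholder folder again once the host has been upgraded to 2.37.1, so that a later fresh install is not blocked by the locked-down directory.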

Weakness Enumeration

Untrusted Search Path

Related Identifiers

BDU:2022-04404
CVE-2022-31012
GHSA-GJRJ-FXVP-HJJ2
ROSA-SA-2024-2398

Affected Products

Git For Windows