PT-2023-5951 · Git · Git For Windows

Veath1 · Published 2023-02-14 · Updated 2023-08-02 · CVE-2023-22743

CVSS v3.1: 7.2 (High)
Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Git for Windows versions prior to 2.39.2

Description: The issue affects the Windows port of the Git revision control system. If a carefully crafted DLL is placed in a subdirectory of a specific name next to the Git for Windows installer, Windows can be tricked into side-loading that DLL when the installer runs. A user with local write access could therefore place a malicious payload in a location where an automated upgrade might later run the Git for Windows installer with elevated privileges.

Recommendations: For Git for Windows versions prior to 2.39.2, update to version 2.39.2 to resolve the issue. As a temporary workaround, never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.

Weakness Enumeration: Untrusted Search Path

Related Identifiers

BDU:2023-06649
CVE-2023-22743
GHSA-GF48-X3VR-J5C3
GHSA-P2X9-PRP4-8GVQ

Affected Products

Git For Windows