PT-2025-28848 · Git +9

Avih · Published 2025-01-01 · Updated 2025-08-07 · CVE-2025-27613

CVSS v3.1: 3.6
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Gitk, the history browser shipped with Git, in all Git releases before the July 2025 maintenance releases that carry the fix: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 and 2.50.1.

Description:

Gitk can create or truncate any file writable by the user when the user clones an untrusted repository and runs Gitk without additional command-line arguments, provided the "Support per-file encoding" option is enabled (it is disabled by default). The "Show origin of this line" operation is affected in the same way regardless of whether that option is enabled. In both cases Gitk hands repository-controlled file names to a git subprocess through Tcl's `open` command pipeline, which treats arguments such as `>file` as I/O redirection rather than as a path, so a crafted file name in the repository chooses which file is created or truncated. The fix shipped in the July 2025 Git maintenance releases together with fixes for several other vulnerabilities, including arbitrary code execution and buffer overflows.

Recommendations:

Update Git to 2.50.1, or to the maintenance release of the branch you track: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2 or 2.49.1. Branches older than 2.43 received no fix and must be upgraded. Users of distribution packages should apply the vendor updates listed under Related Identifiers; those packages may backport the fix without changing the upstream version string, so the version number alone is not proof of vulnerability.

If updating is not immediately possible, disable the "Support per-file encoding" option in Gitk's preferences (it is off by default) and avoid running Gitk on repositories cloned from untrusted sources.

Avoid the "Show origin of this line" operation in Gitk on untrusted repositories until Git is updated, since that operation is affected even when the per-file encoding option is disabled.
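A pre-flight check for the two recommendations above, added here as an example; it is not part of the advisory and not code from the Git or Gitk projects. It assumes the fixed upstream releases are the July 2025 maintenance releases 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1 and 2.50.1, and that Gitk stores its preferences as Tcl `set name value` lines in `$XDG_CONFIG_HOME/git/gitk` (older installs: `~/.gitk`) with the per-file encoding option held in the variable `perfile_attrs`; treat both as assumptions to verify against your installation.

```shell
#!/bin/sh
# Added example (not from the advisory or from Git/Gitk). Assumptions:
#  - fixed upstream releases: 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3,
#    2.48.2, 2.49.1 and 2.50.1 (Git's July 2025 maintenance releases);
#  - Gitk preferences live in $XDG_CONFIG_HOME/git/gitk (older: ~/.gitk)
#    as Tcl "set name value" lines, the option being "perfile_attrs".

# Print the first x.y.z triple found in a `git --version` string, or
# nothing if there is none ("2.50.1.windows.1" yields "2.50.1").
git_version_triple() {
    printf '%s\n' "$1" | awk '
        match($0, /[0-9]+\.[0-9]+\.[0-9]+/) {
            print substr($0, RSTART, RLENGTH); exit
        }'
}

# Exit 0 when the version string carries the Gitk fix, 1 when it does not
# (including branches older than 2.43, which received no fix), 2 when no
# version could be parsed. Meaningful only for upstream version numbers:
# distributions may backport the fix without changing the version.
git_has_gitk_fix() {
    v=$(git_version_triple "$1")
    [ -n "$v" ] || return 2
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -ne 2 ]; then
        if [ "$major" -gt 2 ]; then return 0; else return 1; fi
    fi
    # Anything after the 2.50 branch was released with the fix already in.
    [ "$minor" -le 50 ] || return 0
    case "$minor" in
        43) need=7 ;;
        44|45|46) need=4 ;;
        47) need=3 ;;
        48) need=2 ;;
        49|50) need=1 ;;
        *) return 1 ;;
    esac
    [ "$patch" -ge "$need" ]
}

# Exit 0 when "Support per-file encoding" is enabled in the given Gitk
# preferences file (default: the usual locations), 1 otherwise.
gitk_perfile_attrs_enabled() {
    rc="$1"
    if [ -z "$rc" ]; then
        rc="${XDG_CONFIG_HOME:-$HOME/.config}/git/gitk"
        [ -f "$rc" ] || rc="$HOME/.gitk"
    fi
    [ -f "$rc" ] || return 1
    grep -q '^set perfile_attrs 1[[:space:]]*$' "$rc"
}

# Report on the local installation.
report() {
    if command -v git >/dev/null 2>&1; then
        ver=$(git --version)
        if git_has_gitk_fix "$ver"; then
            echo "git: upstream version carries the fix ($ver)"
        else
            echo "git: no fix by upstream version number ($ver); check vendor advisories"
        fi
    else
        echo "git: not installed"
    fi
    if gitk_perfile_attrs_enabled ""; then
        echo "gitk: 'Support per-file encoding' is ENABLED; disable it until git is updated"
    else
        echo "gitk: 'Support per-file encoding' is off (or no preferences file found)"
    fi
}

report
```

The version check is deliberately strict about branches: a 2.42.x build cannot be "fixed" by a patch release because none was issued, so it reports as unfixed and needs an upgrade. For vendor packages such as those in the RHSA, ALSA and USN notices above, rely on the package version the vendor advisory names rather than on this upstream-number test.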

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

ALSA-2025:11462
ALSA-2025:11533
ALSA-2025:11534
ALT-PU-2025-9640
BDU:2025-09364
CESA-2025_11534
CVE-2025-27613
GHSA-F3CW-XRJ3-WR2V
OPENSUSE-SU-2025:15337-1
RHSA-2025_11462
RHSA-2025_11534
USN-7626-1
USN-7626-2
USN-7626-3

Affected Products

Alt Linux
Almalinux
Centos
Debian
Git
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu