Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. ... “The Windows-specific issue involves a $PATH lookup including the current working directory, which can be leveraged to run arbitrary code when cloning repositories with Git GUI,” GitHub software engineer Taylor Blau explained, and advised git users to avoid using the Git GUI on Windows when cloning untrusted repositories.

CVEs: CVE-2022-23251, CVE-2022-41903, CVE-2022-41953

[View Article](https://www.helpnetsecurity.com/2023/01/19/git-critical-vulnerabilities/)