• EN

Multiple CVE's - Git & Git for Windows

dips
Userlevel 7
Badge +7
  • dips
  • Veeam Legend
  • 716 comments

Apologies for the radio silence recently. Had some terrible family news over Christmas and New Year. 

Anyway, the following have been published regarding Git and rated has Critical:

The last CVE is still to be patched and affects Git for Windows. As a workaround, do not use the GUI from clone a repository, especially from untrusted sources.

Therefore, malicious repositories can ship with an aspell.exe in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code.

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2023 | www.dipen.co.uk

10 comments

Chris.Childerhose
Userlevel 7
Badge +20

Sorry to hear about your news hope all is well now.  Thanks for sharing these latest updates.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
marcofabbri
Userlevel 7
Badge +13

Sorry to read that @dips

A giant hug from Italy.

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
marcofabbri
Userlevel 7
Badge +13

Talking about that, there’s a full analysis here: https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

And here to check about last update: https://about.gitlab.com/update/

Note: GitLab releases have skipped 15.7.4, 15.6.5, and 15.5.8.

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
Geoff Burke
Userlevel 7
Badge +22

Sorry to hear that as well Dips. Stay Strong!

VMCA2022, VMCE2023, CKA, CKAD, KCNA, LFCS, PCA,TARS
JMeixner
Userlevel 7
Badge +17

Sorry to hear this @dips. All the best.

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2023 | Veeam Certified Architect (VMCA) 2022 | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
Iams3le
Userlevel 7
Badge +9

Sorry to hear this @dips. Stay strong!

[Microsoft MVP | Veeam Legend 5* | VMware vExpert 4* | Cisco Champion 3*]
I
Userlevel 7
Badge +4

Sorry to hear .. hope all good now !

Inder | www.thenetworkdna.com | Twitter @inder8588
Madi.Cristil
Userlevel 7
Badge +7

Sorry to hear that, @dips ! :( Hope you are well! 

Madi Cristil
dips
Userlevel 7
Badge +7

Thanks everyone! Getting there :)

Hope you all have a good weekend!

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2023 | www.dipen.co.uk
Nico Losschaert
Userlevel 7
Badge +11

Thx for sharing @dips and good luck with your unfortunate news...🤞

#Veeam Legend 5* | VMCA 2* | VMCE 3* | VMTSP+ 2* | VMSP 2* | DCIE 2* | Loves Best Practices | Twitter : @NLosschaert

Comment


Terms & Conditions