Git for Windows uninstaller is vulnerable to DLL hijacking when run under the SYSTEM user account
Git has released a new verson to address some security vulnerabilities, As reported, we are aware that GitHub is affected. But there is a need to upgrade your local installation of Git, especifially when you are using Git on Windows or on multi-user machines. All credit goes to to 俞晨东, and the fix was authored by Johannes Schindelin. CVE-2022-24765As stated in this article, this vulnerability affects multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:\.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigate to a directory that is supposedly not a Git worktree, or open such a directory in an editor or IDE such as VS Code or Atom, which will potentially run commands defined by that other user. Vulnerability ImpactSince part of Git for Windows’ uninstaller is copied into the current user’s temporary directory and run in that pla