CVE-2022-31012

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-31012

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31012.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31012

Aliases

GHSA-gjrj-fxvp-hjj2

Published

2022-07-12T20:35:15Z

Modified

2026-04-10T04:47:43.551964Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Git for Windows' installer can be tricked into executing an untrusted binary

Details

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the C:\mingw64 folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in C:\.

Database specific

{
    "cwe_ids": [
        "CWE-426"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31012.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/git-for-windows/git

Affected ranges

Type: GIT
Repo: https://github.com/git-for-windows/git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

323a69709944b193bb5cee81ff09fe9a4a686df5

Affected versions

v0.*

v0.99

v0.99.1

v0.99.2

v0.99.3

v0.99.4

v0.99.5

v0.99.6

v0.99.7

v0.99.8

v0.99.8a

v0.99.8b

v0.99.8c

v0.99.8d

v0.99.8e

v0.99.8f

v0.99.8g

v0.99.9a

v0.99.9b

v0.99.9c

v0.99.9d

v0.99.9e

v0.99.9f

v0.99.9g

v0.99.9h

v0.99.9i

v0.99.9j

v0.99.9k

v0.99.9l

v0.99.9m

v0.99.9n

v1.*

v1.0.0

v1.0rc1

v1.0rc2

v1.0rc3

v1.0rc4

v1.0rc5

v1.0rc6

v1.1.0

v1.2.0

v1.3.0-rc1

v1.4.1

v1.4.1-rc1

v1.4.1-rc2

v1.4.2

v1.4.2-rc1

v1.4.2-rc2

v1.4.2-rc3

v1.4.2-rc4

v1.4.3

v1.4.3-rc1

v1.4.3-rc2

v1.4.3-rc3

v1.4.4

v1.4.4-rc1

v1.4.4-rc2

v1.4.4.1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.5.0-rc2

v1.5.0-rc3

v1.5.0-rc4

v1.5.1

v1.5.1-rc1

v1.5.1-rc2

v1.5.1-rc3

v1.5.2

v1.5.2-rc0

v1.5.2-rc1

v1.5.2-rc2

v1.5.2-rc3

v1.5.3

v1.5.3-rc0

v1.5.3-rc1

v1.5.3-rc2

v1.5.3-rc3

v1.5.3-rc4

v1.5.3-rc5

v1.5.3-rc6

v1.5.3-rc7

v1.5.3.1

v1.5.4

v1.5.4-rc0

v1.5.4-rc1

v1.5.4-rc2

v1.5.4-rc3

v1.5.4-rc4

v1.5.4-rc5

v1.5.5

v1.5.5-rc0

v1.5.5-rc1

v1.5.5-rc2

v1.5.5-rc3

v1.5.6

v1.5.6-rc0

v1.5.6-rc1

v1.5.6-rc2

v1.5.6-rc3

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.6.1

v1.6.1-rc1

v1.6.1-rc2

v1.6.1-rc3

v1.6.1-rc4

v1.6.2

v1.6.2-rc0

v1.6.2-rc1

v1.6.2-rc2

v1.6.3

v1.6.3-rc0

v1.6.3-rc1

v1.6.3-rc2

v1.6.3-rc3

v1.6.3-rc4

v1.6.4

v1.6.4-rc0

v1.6.4-rc1

v1.6.4-rc2

v1.6.4-rc3

v1.6.5

v1.6.5-rc0

v1.6.5-rc1

v1.6.5-rc2

v1.6.5-rc3

v1.6.6

v1.6.6-rc0

v1.6.6-rc1

v1.6.6-rc2

v1.6.6-rc3

v1.6.6-rc4

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.7.0-rc2

v1.7.1

v1.7.1-rc0

v1.7.1-rc1

v1.7.1-rc2

v1.7.10

v1.7.10-rc0

v1.7.10-rc1

v1.7.10-rc2

v1.7.10-rc3

v1.7.10-rc4

v1.7.11

v1.7.11-rc0

v1.7.11-rc1

v1.7.11-rc2

v1.7.11-rc3

v1.7.12

v1.7.12-rc0

v1.7.12-rc1

v1.7.12-rc2

v1.7.12-rc3

v1.7.2

v1.7.2-rc0

v1.7.2-rc1

v1.7.2-rc2

v1.7.2-rc3

v1.7.3

v1.7.3-rc0

v1.7.3-rc1

v1.7.3-rc2

v1.7.3.1

v1.7.4

v1.7.4-rc0

v1.7.4-rc1

v1.7.4-rc2

v1.7.4-rc3

v1.7.5

v1.7.5-rc0

v1.7.5-rc1

v1.7.5-rc2

v1.7.5-rc3

v1.7.6

v1.7.6-rc0

v1.7.6-rc1

v1.7.6-rc2

v1.7.6-rc3

v1.7.7

v1.7.7-rc0

v1.7.7-rc1

v1.7.7-rc2

v1.7.7-rc3

v1.7.8

v1.7.8-rc0

v1.7.8-rc1

v1.7.8-rc2

v1.7.8-rc3

v1.7.8-rc4

v1.7.9

v1.7.9-rc0

v1.7.9-rc1

v1.7.9-rc2

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.8.0-rc2

v1.8.0-rc3

v1.8.1

v1.8.1-rc0

v1.8.1-rc1

v1.8.1-rc2

v1.8.1-rc3

v1.8.2

v1.8.2-rc0

v1.8.2-rc1

v1.8.2-rc2

v1.8.2-rc3

v1.8.3

v1.8.3-rc0

v1.8.3-rc1

v1.8.3-rc2

v1.8.3-rc3

v1.8.4

v1.8.4-rc0

v1.8.4-rc1

v1.8.4-rc2

v1.8.4-rc3

v1.8.4-rc4

v1.8.5

v1.8.5-rc0

v1.8.5-rc1

v1.8.5-rc2

v1.8.5-rc3

v1.9-rc0

v1.9-rc1

v1.9-rc2

v1.9.0

v1.9.0-rc3

v2.*

v2.0.0

v2.0.0-rc0

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.1.0

v2.1.0-rc0

v2.1.0-rc1

v2.1.0-rc2

v2.10.0

v2.10.0-rc0

v2.10.0-rc1

v2.10.0-rc2

v2.11.0

v2.11.0-rc0

v2.11.0-rc1

v2.11.0-rc2

v2.11.0-rc3

v2.12.0

v2.12.0-rc0

v2.12.0-rc1

v2.12.0-rc2

v2.13.0

v2.13.0-rc0

v2.13.0-rc1

v2.13.0-rc2

v2.14.0

v2.14.0-rc0

v2.14.0-rc1

v2.15.0

v2.15.0-rc0

v2.15.0-rc1

v2.15.0-rc2

v2.16.0

v2.16.0-rc0

v2.16.0-rc1

v2.16.0-rc2

v2.17.0

v2.17.0-rc0

v2.17.0-rc1

v2.17.0-rc2

v2.18.0

v2.18.0-rc0

v2.18.0-rc1

v2.18.0-rc2

v2.19.0

v2.19.0-rc0

v2.19.0-rc1

v2.19.0-rc2

v2.2.0

v2.2.0-rc0

v2.2.0-rc1

v2.2.0-rc2

v2.2.0-rc3

v2.21.0

v2.22.0-rc0

v2.27.0-rc1

v2.3.0

v2.3.0-rc0

v2.3.0-rc1

v2.3.0-rc2

v2.30.0-rc2

v2.4.0

v2.4.0-rc0

v2.4.0-rc1

v2.4.0-rc2

v2.4.0-rc3

v2.5.0

v2.5.0-rc0

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.6.0

v2.6.0-rc0

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v2.7.0

v2.7.0-rc0

v2.7.0-rc1

v2.7.0-rc2

v2.7.0-rc3

v2.8.0

v2.8.0-rc0

v2.8.0-rc1

v2.8.0-rc2

v2.8.0-rc3

v2.8.0-rc4

v2.9.0

v2.9.0-rc0

v2.9.0-rc1

v2.9.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31012.json"