Git GUI Directory Traversal Vulnerability Allowing File Overwrite
Vulnerability
A vulnerability in Git GUI versions through 2.50.0 allows files to be created or overwritten in unintended locations. It is triggered when a user clones an untrusted repository and is manipulated into editing a file that sits in a directory with a deceptive name. Under these circumstances, Git GUI can create or overwrite any file the user has permission to modify.
Impact
Exploitation of this vulnerability can lead to unauthorized file creation and overwriting, potentially causing data loss or corruption.
Reproduction
To reproduce this vulnerability, clone an untrusted Git repository that contains a file inside a maliciously named directory. Once the repository is cloned, use Git GUI to edit that file. The application will then create or overwrite files in locations where the user has write access, rather than only within the repository.
Remediation
Users can upgrade to Git GUI versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, or 2.50.1 to address this vulnerability.
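As an added helper, not part of this advisory or of the Git project, the following Python check classifies an installed Git release against the fixed versions listed above. It assumes the Git GUI in use is the one bundled with that Git release, so the two share a version number; the `git --version` parsing handles vendor suffixes such as Apple's and Git for Windows'.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory; within a minor line, anything at or
# above the listed patch level is remediated.
FIXED_VERSIONS = [
    (2, 43, 7), (2, 44, 4), (2, 45, 4), (2, 46, 4),
    (2, 47, 3), (2, 48, 2), (2, 49, 1), (2, 50, 1),
]
# Highest affected release named in the advisory ("through 2.50.0").
LAST_AFFECTED: Version = (2, 50, 0)


def parse_git_version(output: str) -> Optional[Version]:
    """Extract major.minor.patch from `git --version` output.

    Accepts lines like "git version 2.39.5 (Apple Git-154)" and
    "git version 2.50.1.windows.1"; a release candidate such as
    "2.50.0-rc1" is treated as its final number. Returns None if no
    version triple is present.
    """
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if this release still carries the Git GUI file-overwrite bug."""
    if version > LAST_AFFECTED:
        return False  # 2.50.1 and anything newer
    for fixed in FIXED_VERSIONS:
        if fixed[:2] == version[:2]:
            # Same minor line: affected only below the backported fix.
            return version < fixed
    # Minor lines without a listed backport (e.g. 2.42.x) remain affected.
    return True


def installed_git_is_affected() -> Optional[bool]:
    """Run `git --version` locally; None if git is missing or unparseable."""
    try:
        out = subprocess.run(["git", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    version = parse_git_version(out)
    return None if version is None else is_affected(version)


if __name__ == "__main__":
    print("affected:", installed_git_is_affected())
```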
