{"vulnerability": "CVE-2022-31012", "sightings": [{"uuid": "408d02c9-2f08-42c9-b6f5-e63028c2d361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31012", "type": "seen", "source": "https://t.me/cibsecurity/46095", "content": "\u203c CVE-2022-31012 \u203c\n\nGit for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\\mingw64\\bin\\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is included in version 2.37.1. Two workarounds are available. Create the `C:\\mingw64` folder and remove read/write access from this folder, or disallow arbitrary authenticated users to create folders in `C:\\`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-13T00:25:34.000000Z"}]}