Git for Windows 2.45.1

Andres Bohren
Git for Windows 2.45.1

Hi All,

Today i noticed that there is an update for Git

Securing Git: Addressing 5 new vulnerabilities

  • CVE-2024-32002 (Critical, Windows & macOS): Git repositories with submodules can trick Git into executing a hook from the .git/ directory during a clone operation, leading to Remote Code Execution.
  • CVE-2024-32004 (High, multi-user machines): An attacker can craft a local repository that executes arbitrary code when cloned.
  • CVE-2024-32465 (High, all setups): Cloning from .zip files containing Git repositories can bypass protections, potentially executing unsafe hooks.
  • CVE-2024-32020 (Low, multi-user machines): Local clones on the same disk can allow untrusted users to modify hard-linked files in the cloned repository’s object database.
  • CVE-2024-32021 (Low, multi-user machines): Cloning a local repository with symlinks can result in hard-linking to arbitrary files in the objects/ directory.

Let’s have a look at the installed version

git -v

to update use the command below (cmd must be started “As Administrator”)

git update-git-for-windows

This will download and start the update installer

Let’s check the git version after the update

git -v

You can also download it here: https://git-scm.com/

Regards
Andres Bohren

vscode Logo