Any user of Git CMD who starts the command in an untrusted directory is impacted: Maliciously-placed doskey.exe would be executed silently upon running Git CMD.
Patches
The problem has been patched in Git for Windows v2.40.1.
Workarounds
Avoid using Git CMD. If using Git CMD, avoid starting it in an untrusted directory.
Impact
Any user of Git CMD who starts the command in an untrusted directory is impacted: Maliciously-placed
doskey.exewould be executed silently upon running Git CMD.Patches
The problem has been patched in Git for Windows v2.40.1.
Workarounds
Avoid using Git CMD. If using Git CMD, avoid starting it in an untrusted directory.
References
Similar vulnerabilities: