Description
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg
Various Sources x_refsource_misc
https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da
Scores
CVSS v3
8.5
EPSS
0.0030
EPSS Percentile
21.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-88
Status
published
Products (8)
j6t/git-gui
< 2.43.7
j6t/git-gui
>= 2.44.0, < 2.44.4
j6t/git-gui
>= 2.45.0, < 2.45.4
j6t/git-gui
>= 2.46.0, < 2.46.4
j6t/git-gui
>= 2.47.0, < 2.47.3
j6t/git-gui
>= 2.48.0, < 2.48.2
j6t/git-gui
>= 2.49.0, < 2.49.1
j6t/git-gui
>= 2.50.0, < 2.50.1
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026