Git security vulnerabilities announced
Blog post from GitHub
The Git project has released new updates to address several security vulnerabilities, notably CVE-2023-25652 and CVE-2023-29007, affecting versions 2.40.0 and older, which could lead to arbitrary code execution and controlled content writes. Additionally, Git for Windows has patched vulnerabilities, including CVE-2023-25815, CVE-2023-29011, and CVE-2023-29012, that pose risks to users on shared machines and those using specific features like Git CMD and SOCKS5 proxy. Users are urged to upgrade to Git 2.40.1 or take precautionary measures such as avoiding certain commands and configurations in untrusted environments. GitHub has proactively scheduled updates for its platforms to mitigate these issues, although it is not directly affected due to its operational practices. The vulnerabilities were discovered by various security researchers, and the fixes were developed by a team including Johannes Schindelin and Taylor Blau, among others.
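The one action the post asks of users is an upgrade to Git 2.40.1. As an added example (not code from the GitHub post or the Git project), the following POSIX shell script classifies a `git --version` string against that 2.40.1 threshold so it can be dropped into a fleet inventory or CI check. The threshold comes from the post; the handling of vendor suffixes such as `2.40.1.windows.1` or `(Apple Git-143)` is an assumption about common `git --version` output formats, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example, not code from the GitHub post or the Git project.
# Classifies a Git version string against the 2.40.1 fix release the
# advisory names: anything older is "affected", 2.40.1 or newer is "fixed".
# Parsing of vendor suffixes ("2.40.1.windows.1", "(Apple Git-143)") is an
# assumption about common `git --version` formats, not something the post states.

# Reduce "git version 2.40.1.windows.1" to "2.40.1": drop the leading
# non-digits, then everything from the first character that is neither a
# digit nor a dot, then any trailing dots left behind.
normalize_version() {
  printf '%s\n' "$1" | sed 's/^[^0-9]*//; s/[^0-9.].*$//; s/\.*$//'
}

# Return 0 (true) if $1 is strictly older than $2, comparing up to three
# numeric components; missing components count as 0, so "2.40" < "2.40.1".
version_lt() {
  a=$(normalize_version "$1")
  b=$(normalize_version "$2")
  old_ifs=$IFS
  IFS=.
  set -- $a
  a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $b
  b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
  IFS=$old_ifs
  if [ "$a1" -lt "$b1" ]; then return 0; fi
  if [ "$a1" -gt "$b1" ]; then return 1; fi
  if [ "$a2" -lt "$b2" ]; then return 0; fi
  if [ "$a2" -gt "$b2" ]; then return 1; fi
  if [ "$a3" -lt "$b3" ]; then return 0; fi
  return 1
}

# Print "affected" or "fixed" for a version string, using the 2.40.1
# threshold the advisory gives for the upgrade.
classify_git_version() {
  if version_lt "$1" "2.40.1"; then
    echo affected
  else
    echo fixed
  fi
}

# Stand-alone use: classify the locally installed git, if there is one.
if command -v git >/dev/null 2>&1; then
  printf 'installed git is %s\n' "$(classify_git_version "$(git --version)")"
fi
```

The comparison is deliberately numeric and component-wise rather than a string comparison, since `2.9.x` sorts after `2.40.1` lexically but is far older; a string check would wrongly report such an install as fixed.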