Chiwopsezo chachikulu chadziwika ku Git (CVE-2021-29468), chomwe chimangowoneka pomanga chilengedwe cha Cygwin (laibulale yotsatsira ma Linux API oyambira pa Windows ndi madongosolo a Linux a Windows). Chiwopsezochi chimalola kuti code yowukirayo iwonongeke potenga data ("git checkout") kuchokera kumalo otetezedwa ndi wowukirayo. Vutoli lidakhazikitsidwa mu phukusi la git 2.31.1-2 la Cygwin. Mu pulojekiti yayikulu ya Git, vutoli silinakhazikitsidwebe (ndizokayikitsa kuti wina akumanga git kwa Cygwin ndi manja awo, m'malo mogwiritsa ntchito phukusi lokonzekera).
Chiwopsezocho chimayamba chifukwa cha Cygwin kukonza chilengedwe ngati mawonekedwe a Unix m'malo mwa Windows, zomwe zimapangitsa kuti pasakhale zoletsa kugwiritsa ntchito '\' panjira, pomwe ku Cygwin, monga Windows, munthuyu akhoza kukhala. amagwiritsidwa ntchito kulekanitsa akalozera. Zotsatira zake, popanga malo osinthidwa mwapadera omwe ali ndi maulalo ophiphiritsa ndi mafayilo okhala ndi mawonekedwe a backslash, ndizotheka kubweza mafayilo osasunthika mukatsitsa chosungirachi ku Cygwin (chiwopsezo chofananacho chidakhazikitsidwa mu Git ya Windows mu 2019). Pokhala ndi kuthekera kolemba mafayilo, wowukira amatha kupitilira mafoni a hook mu git ndikupangitsa kuti codeyo ichitidwe padongosolo.
Source: opennet.ru