{"id":"CVE-2016-9274","details":"Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.","modified":"2026-05-18T09:58:42.570797Z","published":"2016-11-11T17:59:00.183Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94289"},{"type":"FIX","url":"https://github.com/git-for-windows/git/issues/944"},{"type":"EVIDENCE","url":"https://www.youtube.com/watch?v=S7jOLv0sul0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/git-for-windows/git","events":[{"introduced":"8d712aafd2df3c1f5147a28947f98cefe667cf76"},{"last_affected":"34d5217584ee4722d0c0b07ed6c8f1f01ad157c3"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"1.0.0"},{"last_affected":"1.9.4"}],"cpe":"cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9274.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}