This vulnerability involves argument injection in the TortoiseGitBlame component of TortoiseGit version 1.8.10.0. Maliciously crafted Git history filenames can inject command arguments improperly, resulting in arbitrary file write capabilities. The CVSS 3.1 score is 5.5 (medium), with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). No patch or remediation is currently documented by the vendor.

Successful exploitation allows an attacker with local access and the ability to interact with the user interface to write arbitrary files on the system, potentially altering files and impacting system integrity. There is no direct impact on confidentiality or availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid opening or interacting with untrusted Git repositories containing suspicious filenames in TortoiseGitBlame. Exercise caution with local repositories from untrusted sources.