@lionheartrox discovered that the Git LFS Windows installer was vulnerable to DLL hijacking. If an attacker could cause a user to download a malicious DLL to their downloads folder (some browsers present warnings when downloading DLL files for this reason), the code in the DLL would execute when the user ran the Git LFS installer from that same directory. We addressed the vulnerability by upgrading Inno Setup in Git LFS 1.3.1 from 5.5.8 to 5.5.9.