11 matches found
EUVD-2023-0514
Malicious code in bioql PyPI...
CVE-2023-22726
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege...
GO-2023-1504 act vulnerable to arbitrary file upload in artifact server in github.com/nektos/act
act vulnerable to arbitrary file upload in artifact server in github.com/nektos/act...
CVE-2023-22726
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege...
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege...
CVE-2023-22726
Summary: CVE-2023-22726 affects the act project (local GitHub Actions runner). The artifact server does not sanitize path inputs, enabling path traversal via user-controlled paths on both the /upload and /artifact endpoints, which can lead to arbitrary file download and potential overwrites on th...
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege...
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege...
GHSA-PC99-QMG4-RCFF act vulnerable to arbitrary file upload in artifact server
Impact: The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege escalation. Issue 1: Arbitrary file upload in artifact serve...
act vulnerable to arbitrary file upload in artifact server
Impact: The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege escalation. Issue 1: Arbitrary file upload in artifact serve...
PT-2023-18667 · Act · Act
Name of the Vulnerable Software and Affected Versions: act versions prior to 0.2.40. Description: The artifact server in act does not sanitize path inputs, allowing an attacker to download and overwrite arbitrary files on the host from a GitHub Action, potentially leading to privilege escalation...