4 matches found
SUSE CVE-2025-25204
gh is GitHub's official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
...
AZL-56885 CVE-2025-25204 affecting package gh for versions less than 2.62.0-6
gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...
GitHub CLI 安全漏洞
GitHub CLI is the GitHub CLI open source for GitHub on the command line. A security vulnerability exists in GitHub CLI versions prior to 2.49.0 through 2.67.0, which stems from the gh attestation verify tool returning an error in status, which could lead an attacker to deploy malicious artifacts...