CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308
The CVE concerns GitHub CLI (gh) where versions 2.6.1 and earlier are vulnerable to remote code execution via a malicious Codespaces SSH server when using gh codespace ssh or gh codespace logs. The root cause is how the CLI handles SSH connection details (e.g., remote username) retrieved for SSH ...
CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Summary: A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands. Details: The vulnerability stems from the way GitHub CLI handles SSH...
GHSA-P2H2-3VG9-4P87 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Summary: A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands. Details: The vulnerability stems from the way GitHub CLI handles SSH...
Malicious code in mdap-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2463538f2c8446c6a068b5eef41b3088105f8292ea4b22e3cec1066ff3822ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10758 Malicious code in mdap-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2463538f2c8446c6a068b5eef41b3088105f8292ea4b22e3cec1066ff3822ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in marketing-jest-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab6ca86b3958ca21a43d81429cfad45bf1ded2515bc8fafc3307885ed2f6b869 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GitHub CLI command injection vulnerability
GitHub CLI is an open source tool that brings GitHub to the command line. A command injection vulnerability exists in GitHub CLI version 2.61.0 and prior versions. An attacker exploiting this vulnerability could execute remote code via a malicious codespace SSH server...
Fedora 41 : ghc-base64 / ghc-hakyll / ghc-isocline / gitit / pandoc / etc (2024-d62088b505)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-d62088b505 advisory. pandoc-cli replaces pandoc binary package Security fix for CVE-2023-35936 and CVE-2023-35936 newly packaged ghc-base64 and ghc-isocline Tenable has...
Fedora 41 : oci-cli / python-oci (2024-ee636be6ff)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ee636be6ff advisory. oci-cli 3.41.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...
Fedora 41 : oci-cli / python-oci (2024-13270a731d)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-13270a731d advisory. Update oci-cli to 3.43.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 packages and security update
Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
The vulnerability of the command-line interface (CLI) of Juniper Networks Junos OS Evolved operating systems, which allows a perpetrator to gain unauthorized access to protected information
The vulnerability of the command-line interface (CLI) of Juniper Networks Junos OS Evolved operating systems is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1
Today we’re excited to announce the recent release of Wordfence CLI version 5.0.1 which includes a much requested feature from security analysts, hosting providers and ops teams: Database scanning for WordPress. Now you can scan any WordPress database you have access to for malware and...
Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +88 more potentially affected by unknown CVE via fast-float (=0.2.0)
fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...
CVE-2024-52301
Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...