4 matches found
GitHub CLI 路径遍历漏洞
GitHub CLI is the GitHub CLI open source for GitHub on the command line. A path traversal vulnerability exists in GitHub CLI version 2.63.0 and earlier, which stems from the possibility that files may be created or overwritten in unintended directories when a user downloads a malicious GitHub...
GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
PT-2024-40108 · Github Actions · Dawidd6/Action-Download-Artifact
Name of the Vulnerable Software and Affected Versions: dawidd6/action-download-artifact versions prior to v6 Description: The issue allows an unprivileged attacker to introduce compromised artifacts into a privileged workflow context by exploiting the default behavior of searching a repository's...