Lucene search
K

4 matches found

CNNVD
CNNVD
added 2024/12/04 12:0 a.m.5 views

GitHub CLI 路径遍历漏洞

GitHub CLI is the GitHub CLI open source for GitHub on the command line. A path traversal vulnerability exists in GitHub CLI version 2.63.0 and earlier, which stems from the possibility that files may be created or overwritten in unintended directories when a user downloads a malicious GitHub...

6.3CVSS6.5AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2024/11/25 3:26 p.m.4 views

GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

8.7CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/11/25 3:26 p.m.23 views

Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

6.9AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.2 views

PT-2024-40108 · Github Actions · Dawidd6/Action-Download-Artifact

Name of the Vulnerable Software and Affected Versions: dawidd6/action-download-artifact versions prior to v6 Description: The issue allows an unprivileged attacker to introduce compromised artifacts into a privileged workflow context by exploiting the default behavior of searching a repository's...

8.7CVSS7AI score
Exploits0References5
Rows per page
Query Builder