CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
DEBIAN-CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308
The CVE concerns GitHub CLI (gh) where versions 2.6.1 and earlier are vulnerable to remote code execution via a malicious Codespaces SSH server when using gh codespace ssh or gh codespace logs. The root cause is how the CLI handles SSH connection details (e.g., remote username) retrieved for SSH ...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
GitHub CLI Command Injection Vulnerability
GitHub CLI is GitHub's open source tool for working with GitHub on the command line. A command injection vulnerability exists in GitHub CLI version 2.61.0 and prior versions. An attacker exploiting this vulnerability could execute remote code via a malicious codespace SSH server...
Fedora: Security Advisory (FEDORA-2023-684eb03db0)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-cli-oauth (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-cli-crypto (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-cli-gh (FEDORA-2023-cb20f08a4e)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: golang-github-cli-crypto-0-0.2.20230331git6be313f.fc37
GitHub's golang-crypto fork required for gh...
AZL-43338 CVE-2021-43565 affecting package gh for versions less than 2.13.0-19
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
[SECURITY] Fedora 36 Update: golang-github-cli-gh-0.0.3-1.20220614git9dbbfe2.fc36
A Go module for interacting with gh and the GitHub API from the command line...
Fedora: Security Advisory for golang-github-cli-gh (FEDORA-2022-c2ca66a0f8)
The remote host is missing an update for the...
Arbitrary Code Execution
github.com/cli/cli is vulnerable to arbitrary code execution. An attacker can inject and execute malicious .\git.exe or .\git.bat files through the %PATH% variable on Windows when gh runs in the current working directory...
GitHub CLI can execute a git binary from the current directory
Impact: GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...
GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory
Impact: GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...
Exploit for Uncontrolled Search Path Element in Git_Large_File_Storage_Project Git_Large_File_Storage
Git-lfs Remote Code Execution RCE exploit CVE-2020-27955 .b...