23 matches found
Azure Linux 3.0 Security Update: gh (CVE-2024-53859)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53859 advisory. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security...
EUVD-2024-3396
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-48938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 whe...
AZL-62282 CVE-2025-48938 affecting package gh for versions less than 2.62.0-9
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
DEBIAN-CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
CVE-2025-48938
The CVE-2025-48938 issue affects go-gh (Go modules for GitHub CLI extensions). In affected versions before 2.12.1, an attacker-controlled GitHub Enterprise Server could cause arbitrary commands to run on a user’s machine by substituting HTTP URLs from GitHub with local file paths during browsing....
PT-2025-23335 · Go-Gh +1 · Go-Gh +1
Name of the Vulnerable Software and Affected Versions: go-gh versions prior to 2.12.1 Description: A security issue has been identified where an attacker-controlled GitHub Enterprise Server could execute arbitrary commands on a user's machine. This is achieved by replacing HTTP URLs provided by...
Ubuntu: Security Advisory (USN-7362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7362-1 golang-github-cli-go-gh-v2 vulnerability
It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. CVE-2024-53859...
Ubuntu 24.04 LTS / 24.10 : go-gh vulnerability (USN-7362-1)
The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7362-1 advisory. It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wro...
Linux Distros Unpatched Vulnerability : CVE-2024-53859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that...
go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
...
GO-2024-3295 Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh
Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh...
CVE-2024-53859
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
DEBIAN-CVE-2024-53859
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
GHSA-55V3-XH23-96GH `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Summary A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. Details go-gh sources authentication tokens from different environment variables depending on the host involved: - GITHUBTOKEN...
CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...