5 matches found

Vulnrichment
added 2025/08/28 2:56 p.m. | 3 views

CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

CVSS 9.1 | AI score 7.2 | EPSS 0.00359
Exploits: 0 | References: 2

Cvelist
added 2025/08/28 2:56 p.m. | 8 views

CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

CVSS 9.1 | EPSS 0.00359
Exploits: 0 | References: 2

CVE
added 2025/08/28 2:56 p.m. | 15 views

CVE-2024-48908

The CVE-2024-48908 entry relates to the lychee-action composite action, where the lychee-setup step in action.yml could enable arbitrary code injection prior to version 2.0.2. Affected component: lychee-action (via lychee-setup). Root cause: insecure handling in the setup of lychee within the com...

CVSS 9.1 | AI score 7.2 | EPSS 0.00359
Exploits: 0 | References: 2

OSV
added 2025/08/28 2:40 p.m. | 4 views

GHSA-65RG-554R-9J5X lychee link checking action affected by arbitrary code injection in composite action

Summary: There is a potential arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details: The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC (yaml): - uses: lycheeverse/lychee@v2...

CVSS 9.1 | AI score 8 | EPSS 0.00359
Exploits: 0 | References: 4

Github Security Blog
added 2025/08/28 2:40 p.m. | 7 views

lychee link checking action affected by arbitrary code injection in composite action

Summary: There is a potential arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details: The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC (yaml): - uses: lycheeverse/lychee@v2...

CVSS 9.1 | AI score 8 | EPSS 0.00359
Exploits: 0 | References: 4 | Affected Software: 1