Lucene search
K

132 matches found

RedhatCVE
RedhatCVE
added 2025/08/30 6:16 p.m.3 views

CVE-2024-48908

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS7.6AI score0.00359EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/08/28 11:36 p.m.4 views

SUSE CVE-2024-48908

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS7.8AI score0.00359EPSS
Exploits0References3
NVD
NVD
added 2025/08/28 3:15 p.m.4 views

CVE-2024-48908

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/28 2:56 p.m.9 views

CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS0.00359EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/28 2:56 p.m.3 views

CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS7.2AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2025/08/28 2:56 p.m.16 views

CVE-2024-48908

The CVE-2024-48908 entry relates to the lychee-action composite action, where the lychee-setup step in action.yml could enable arbitrary code injection prior to version 2.0.2. Affected component: lychee-action (via lychee-setup). Root cause: insecure handling in the setup of lychee within the com...

9.1CVSS7.2AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2025/08/28 2:56 p.m.5 views

CVE-2024-48908 lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2...

9.1CVSS7.5AI score0.00359EPSS
Exploits0References4
OSV
OSV
added 2025/08/28 2:40 p.m.6 views

GHSA-65RG-554R-9J5X lychee link checking action affected by arbitrary code injection in composite action

Summary There is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC yaml - uses: lycheeverse/lychee@v2...

9.1CVSS8AI score0.00359EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/28 2:40 p.m.7 views

lychee link checking action affected by arbitrary code injection in composite action

Summary There is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. Details The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. PoC yaml - uses: lycheeverse/lychee@v2...

9.1CVSS8AI score0.00359EPSS
Exploits0References4Affected Software1
Circl
Circl
added 2025/08/28 1:24 p.m.8 views

CVE-2024-48908

creationtimestamp| type| source ---|---|--- 2025-08-28 13:24:35+00:00| published-proof-of-concept| https://github.com/lycheeverse/lychee-action/security/advisories/GHSA-65rg-554r-9j5x...

9.1CVSS5.8AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

Lychee 代码注入漏洞

Lychee is a beautiful and easy-to-use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A code injection vulnerability exists in Lychee versions prior to 2.0.2, which stems from a possible arbitrary code injection in lychee-setup...

9.1CVSS7.4AI score0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.6 views

PT-2025-35094

Name of the Vulnerable Software and Affected Versions: lychee link checking action versions prior to 2.0.2 Description: The GitHub Action variable inputs.lycheeVersion can be used to execute arbitrary code in the context of the action. This can potentially compromise the security of the target...

9.1CVSS7.1AI score0.00359EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/29 1:20 p.m.7 views

CVE-2025-53018

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

3CVSS7AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/06/27 1:15 p.m.8 views

CVE-2025-53018

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

3CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/27 1:0 p.m.12 views

CVE-2025-53018 Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

3CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 2025/06/27 1:0 p.m.6 views

CVE-2025-53018 Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

3CVSS6.8AI score0.00168EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/27 1:0 p.m.5 views

CVE-2025-53018 Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs

Lychee is a free, open-source photo-management tool. Prior to version 6.6.13, a critical Server-Side Request Forgery SSRF vulnerability exists in the /api/v2/Photo::fromUrl endpoint. This flaw lets an attacker instruct the application’s backend to make HTTP requests to any URL they choose...

3CVSS7AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2025/06/27 1:0 p.m.30 views

CVE-2025-53018

Lychee prior to v6.6.13 contains a Server-Side Request Forgery in the /api/v2/Photo::fromUrl endpoint. The flaw allows the backend to fetch arbitrary URLs server-side (via fopen()) with no IP validation, allow-list, timeout, or size limits, enabling an attacker to target internal resources (e.g.,...

3CVSS6.4AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.7 views

PT-2025-27148 · Lychee · Lychee

Name of the Vulnerable Software and Affected Versions: Lychee versions prior to 6.6.13 Description: A critical Server-Side Request Forgery SSRF issue exists in the "/api/v2/Photo::fromUrl" endpoint, allowing an attacker to instruct the application's backend to make HTTP requests to any URL they...

3CVSS7.1AI score0.00168EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.5 views

Lychee 安全漏洞

Lychee is a beautiful and easy to use photo management system open-sourced by The Lychee Organisation. It is used to manage and share photos. A security vulnerability exists in Lychee versions prior to 6.6.13, which stems from a server-side request forgery in the /api/v2/Photo::fromUrl endpoint...

3CVSS6.6AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder