Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

...

GO-2024-3269 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli

Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli...

CVE-2024-52308

The CVE concerns GitHub CLI (gh) where versions 2.6.1 and earlier are vulnerable to remote code execution via a malicious Codespaces SSH server when using gh codespace ssh or gh codespace logs. The root cause is how the CLI handles SSH connection details (e.g., remote username) retrieved for SSH ...

CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...