Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
Vulnerability Description
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified --dir flag value. This vulnerability is fixed in 2.63.1.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
GitHub CLI 路径遍历漏洞
Vulnerability Description
GitHub CLI是GitHub CLI开源的一个命令行上的 GitHub。 GitHub CLI 2.63.0及之前版本存在路径遍历漏洞,该漏洞源于当用户通过gh run download下载恶意的GitHub Actions工作流工件时,可能会在未预期的目录中创建或覆盖文件。
CVSS Information
N/A
Vulnerability Type
N/A