Vulnerability Information
Vulnerability Title
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
Vulnerability Description
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.
CVSS Information
N/A
Vulnerability Type
Trust Boundary Violation
Vulnerability Title
go-gh security vulnerability
Vulnerability Description
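go-gh is a collection of Go modules open-sourced by GitHub CLI, used to interact with gh and the GitHub API from the command line. Versions of go-gh prior to 2.12.1 contain a security vulnerability in which an attacker-controlled GitHub Enterprise Server could cause arbitrary commands to be executed on the user's machine.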
CVSS Information
N/A
Vulnerability Type
N/A