CVE-2024-54132
Published 2024-12-04
CVE-2024-54132: The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in…
Priority P3 · 37 · medium · 6.3 (CVSS 4.0)
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
EPSS 0.63% (45.8th percentile)
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`. This vulnerability stems from a GitHub Actions workflow artifact named `..` when downloaded using `gh run download`. The artifact name and `--dir` flag are used to determine the artifact’s download path. When the artifact is named `..`, the resulting files within the artifact are extracted exactly one directory above the specified `--dir` flag value. This vulnerability is fixed in 2.63.1.
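To make the mechanism concrete, here is an added Go example (gh itself is written in Go, but this is not the project's code and does not reproduce its internals). `destinationUnchecked` models the pre-2.63.1 behaviour the advisory describes, a plain join of `--dir` and the artifact name, so an artifact named `..` resolves to the parent of `--dir`. `destinationChecked` is one hardened alternative: it refuses `.` and `..`, refuses path separators, and confirms the joined path is a strict descendant of the download directory. `suspiciousArtifacts` applies that check to an artifact listing so a workflow run can be triaged before any download is issued. The listing shape (`artifacts[].name`) and the artifact names in it are assumptions constructed for this example, not real API output.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// destinationUnchecked illustrates the behaviour the advisory describes for
// gh < 2.63.1 (illustration only, not the project's code): the download path
// is simply --dir joined with the artifact name, so a name of ".." resolves
// to the parent of --dir.
func destinationUnchecked(dir, name string) string {
	return filepath.Join(dir, name)
}

// destinationChecked is an added hardened variant. It rejects ".", ".." and
// empty names outright, rejects any path separator in the name, and as a
// final guard verifies that the joined path is a strict descendant of dir.
func destinationChecked(dir, name string) (string, error) {
	switch name {
	case "", ".", "..":
		return "", fmt.Errorf("refusing artifact name %q", name)
	}
	if strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("artifact name %q contains a path separator", name)
	}
	base := filepath.Clean(dir)
	dest := filepath.Join(base, name)
	rel, err := filepath.Rel(base, dest)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("artifact name %q escapes %s", name, base)
	}
	return dest, nil
}

// artifact and artifactList model only the fields this example needs from a
// "list workflow run artifacts" response (assumed shape; only Name is used).
type artifact struct {
	ID   int64  `json:"id"`
	Name string `json:"name"`
}

type artifactList struct {
	TotalCount int        `json:"total_count"`
	Artifacts  []artifact `json:"artifacts"`
}

// suspiciousArtifacts parses a listing and returns the artifact names that
// the hardened check would refuse to download into dir.
func suspiciousArtifacts(listing []byte, dir string) ([]string, error) {
	var list artifactList
	if err := json.Unmarshal(listing, &list); err != nil {
		return nil, err
	}
	var bad []string
	for _, a := range list.Artifacts {
		if _, err := destinationChecked(dir, a.Name); err != nil {
			bad = append(bad, a.Name)
		}
	}
	return bad, nil
}

// constructedListing is a hand-written sample for this example, not a real
// API response. "..." is included because it is an ordinary file name and
// must not be rejected.
const constructedListing = `{
  "total_count": 4,
  "artifacts": [
    {"id": 1, "name": "build-output"},
    {"id": 2, "name": ".."},
    {"id": 3, "name": "."},
    {"id": 4, "name": "..."}
  ]
}`

func main() {
	dir := "/home/ci/downloads" // hypothetical --dir value
	for _, name := range []string{"build-output", "..", "."} {
		fmt.Printf("unchecked %-14q -> %s\n", name, destinationUnchecked(dir, name))
	}
	bad, err := suspiciousArtifacts([]byte(constructedListing), dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("artifacts refused by the hardened check: %q\n", bad)
}
```

On Linux, `destinationUnchecked("/home/ci/downloads", "..")` returns `/home/ci`, which is the one-directory-up write the advisory describes, while `...` passes the hardened check because it is a legitimate name. The separator and strict-descendant guards go beyond the `.`/`..` refusal the advisory attributes to 2.63.1; they are defence in depth, not a description of the shipped fix.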
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cli | cli | < 2.63.1 | 2.63.1 |
| debian | gh | < gh 2.46.0-3 (sid) | gh 2.46.0-3 (sid) |
| github.com | cli_cli | 0 – 1.14.0 | — |
| github.com | cli_cli_v2 | >= 0 < 2.63.1 | 2.63.1 |
| msrc | azl3_gh_2.62.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_gh_2.62.0-8_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gh_2.13.0-23_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_gh_2.13.0-24_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 4.0 | 6.3 | MEDIUM | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green |
| osv | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.3 | MEDIUM | — |
| vendor_msrc | — | 6.3 | MEDIUM | — |
OSV
gh vulnerabilities
osv·2026-02-04·CVSS 6.5
CVE-2024-54132 [MEDIUM] gh vulnerabilities
It was discovered that GitHub CLI could behave unexpectedly if users
downloaded a malicious GitHub Actions workflow artifact through gh run
download. An attacker could possibly use this issue to create or overwrite
files in unintended directories. (CVE-2024-54132)
It was discovered that GitHub CLI could behave unexpectedly when cloning
repositories containing git submodules hosted outside of GitHub.com and
ghe.com. An attacker could possibly use this issue to gather authentication
tokens. (CVE-2024-53858)
GHSA
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
ghsa·2024-12-04
CVE-2024-54132 [MEDIUM] CWE-22 Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
### Summary
A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`.
### Details
This vulnerability stems from a GitHub Actions workflow artifact named `..` when downloaded using `gh run download`. The artifact name and `--dir` flag are used to determine the artifact’s download path. When the artifact is named `..`, the resulting files within the artifact are extracted exactly 1 directory higher than the specified `--dir` flag value.
In `2.63.1`, `gh run download` will not download artifacts named `..` and `.` and instead exit with the f
OSV
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
osv·2024-12-04
CVE-2024-54132 [MEDIUM] Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
OSV
CVE-2024-54132: The GitHub CLI is GitHub’s official command line tool
osv·2024-12-04·CVSS 6.3
CVE-2024-54132 [MEDIUM] CVE-2024-54132: The GitHub CLI is GitHub’s official command line tool
OSV
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
osv·2024-12-04
CVE-2024-54132 Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
Ubuntu
GitHub CLI vulnerabilities
vendor_ubuntu·2026-02-04·CVSS 6.5
CVE-2024-53858 [MEDIUM] GitHub CLI vulnerabilities
Title: GitHub CLI vulnerabilities
Summary: Several security issues were fixed in GitHub CLI.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
vendor_msrc·2024-12-10·CVSS 6.3
CVE-2024-54132 [MEDIUM] CWE-22 GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, GitHub_M
Customer Action Required:
Debian
CVE-2024-54132: gh - The GitHub CLI is GitHub’s official command line tool. A security vulnerability ...
vendor_debian·2024·CVSS 6.3
CVE-2024-54132 [MEDIUM] CVE-2024-54132: gh - The GitHub CLI is GitHub’s official command line tool. A security vulnerability ...
Scope: local
bookworm: open
sid: resolved (fixed in 2.46.0-3)
trixie: resolved (fixed in 2.46.0-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2024-12-04