CVE-2024-42471 | P2 | HIGH | CVSS 7.5 | PoC | ≥ 4.0.0, < 4.1.3 | 2024-09-03
[HIGH] CWE-22 @actions/download-artifact has an Arbitrary File Write via artifact extraction
### Impact
Versions of `actions/download-artifact` before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specially crafted artifact that contains path traversal filenames.
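The following is an added example, not the action's own code or its actual patch: a containment check of the kind extraction code needs so that path traversal filenames in an archive cannot be written outside the destination directory. The function names, the destination directory and the entry names are constructed for illustration.

```javascript
// Added illustration: containment check for archive entry names before writing.
// Not the action's code; names, paths and sample entries are constructed.
const path = require("node:path");

// Return the absolute write target for one archive entry, or throw if the
// entry would land outside destDir (or on destDir itself).
function resolveEntry(destDir, entryName) {
  const root = path.resolve(destDir);
  // Treat backslashes as separators so Windows-style names are checked too.
  const name = entryName.replace(/\\/g, "/");
  if (name.includes("\0")) {
    throw new Error(`NUL byte in entry name: ${JSON.stringify(entryName)}`);
  }
  // path.resolve collapses ".." segments and lets an absolute name replace root.
  const target = path.resolve(root, name);
  const rel = path.relative(root, target);
  const escapes =
    rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error(`entry escapes ${root}: ${JSON.stringify(entryName)}`);
  }
  return target;
}

// Split a listing into entries that are safe to write and entries to refuse.
function auditEntries(destDir, entryNames) {
  const result = { safe: [], rejected: [] };
  for (const entryName of entryNames) {
    try {
      result.safe.push(resolveEntry(destDir, entryName));
    } catch (err) {
      result.rejected.push(entryName);
    }
  }
  return result;
}

// Constructed entry names, as an archive listing might present them.
const SAMPLE_ENTRIES = [
  "build/app.js",
  "docs/../README.md",
  "..notes.txt",
  "../../outside/file.txt",
  "/abs/outside.txt",
  "logs\\..\\..\\outside.txt",
];

console.log(auditEntries("/tmp/artifact-out", SAMPLE_ENTRIES));
```

The check is lexical only: it does not account for symlinks that already exist inside the destination directory.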
### Patches
Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the latest and secure vers