Github.Com Cli Cli vulnerabilities
2 known vulnerabilities affecting github.com/cli_cli.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2024-54132 | MEDIUM | ≥ 0, ≤ 1.14.0 | 2024-12-04
CVE-2024-54132 [MEDIUM] CWE-22 Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
### Summary
A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`.
### Details
This vulnerability stems from a GitHu
ghsa, osv
CVE-2024-52308 | HIGH | ≥ 0, < 2.62.0 | 2024-11-14
CVE-2024-52308 [HIGH] CWE-77 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
### Summary
A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the `gh codespace ssh` or `gh codespace logs` commands.
### Details
The vulnerability
ghsa, osv