Msrc Azl3 Gh 2.62.0-8 On Azure Linux 3.0 vulnerabilities

5 known vulnerabilities affecting msrc/azl3_gh_2.62.0-8_on_azure_linux_3.0.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-25204MEDIUMCVSS 6.32025-02-11
CVE-2025-25204 [MEDIUM] CWE-390 `gh attestation verify` returns incorrect exit code during verification if no attestations are present `gh attestation verify` returns incorrect exit code during verification if no attestations are present FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up
msrc
CVE-2024-54132MEDIUMCVSS 6.32024-12-10
CVE-2024-54132 [MEDIUM] CWE-22 GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the c
msrc
CVE-2024-53859MEDIUMCVSS 6.52024-11-12
CVE-2024-53859 [MEDIUM] CWE-200 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most
msrc
CVE-2024-53858MEDIUMCVSS 6.52024-11-12
CVE-2024-53858 [MEDIUM] CWE-200 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it
msrc
CVE-2022-2879HIGHCVSS 7.52022-10-11
CVE-2022-2879 [HIGH] CWE-770 Unbounded memory consumption when reading headers in archive/tar Unbounded memory consumption when reading headers in archive/tar FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libra
msrc