Description

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified --dir flag value. This vulnerability is fixed in 2.63.1.

INFO

Published Date :

2024-12-04T15:29:07.426Z

Last Modified :

2024-12-04T21:40:02.517Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-54132 vulnerability.

Vendors Products
Github
  • Cli
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-54132.

URL Resource
https://github.com/cli/cli/commit/1136764c369aaf0cae4ec2ee09dc35d871076932 cve-icon cve-icon
https://github.com/cli/cli/security/advisories/GHSA-2m9h-r57g-45pj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability