CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2024-42471 – Arbitrary File Write via artifact extraction in actions/artifact
https://notcve.org/view.php?id=CVE-2024-42471
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.
• https://github.com/actions/toolkit/security/advisories/GHSA-6q32-hq47-5qq3
• https://github.com/actions/toolkit/pull/1724
• https://snyk.io/research/zip-slip-vulnerability
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')