1 results (0.002 seconds)
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42471 – Arbitrary File Write via artifact extraction in actions/artifact
https://notcve.org/view.php?id=CVE-2024-42471
02 Sep 2024 — actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue. actions/artifact is the GitHub ToolKit for developing GitH... • https://github.com/actions/toolkit/security/advisories/GHSA-6q32-hq47-5qq3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •