
CVE-2024-54132 – GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-54132
04 Dec 2024 — The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`. This vulnerability stems from a GitHub Actions workflow artifact named `..` when downloaded using `gh run download`. The artifact name and `--dir` flag are used to determine the artifact’s download path. When the artifact is named `..`, the resulting fi... • https://github.com/cli/cli/commit/1136764c369aaf0cae4ec2ee09dc35d871076932 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-53858 – Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
https://notcve.org/view.php?id=CVE-2024-53858
27 Nov 2024 — The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, and `gh pr checkout`. These GitHub CLI commands invoke git with instructions to retrieve authentication... • https://git-scm.com/docs/gitcredentials • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-52308 – Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
https://notcve.org/view.php?id=CVE-2024-52308
14 Nov 2024 — The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... https://docs.git... • https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-40764
https://notcve.org/view.php?id=CVE-2022-40764
03 Oct 2022 — Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957. • https://github.com/snyk/cli/releases/tag/v1.996.0 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2016-10538
https://notcve.org/view.php?id=CVE-2016-10538
31 May 2018 — The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2007-4027
https://notcve.org/view.php?id=CVE-2007-4027
26 Jul 2007 — Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid. • http://osvdb.org/38999 •