CVE-2025-54956

Опубликовано: 03 авг. 2025

Источник: debian

EPSS Низкий

Описание

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

Пакеты

Пакет	Статус	Релиз	Тип
r-cran-gh	unfixed		package
r-cran-gh	no-dsa	trixie	package
r-cran-gh	no-dsa	bookworm	package

Примечания

https://github.com/r-lib/gh/issues/222
https://github.com/r-lib/gh/commit/b575d488c71318449cc6c8c989c617db29275848 (v1.5.0)

EPSS

Процентиль: 2%

0.00015

Низкий

Связанные уязвимости

CVE-2025-54956

CVSS3: 3.2

ubuntu

25 дней назад

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

CVE-2025-54956

CVSS3: 3.2

nvd

25 дней назад

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

GHSA-gfw5-r5r2-fv73

CVSS3: 3.2

github

25 дней назад

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.

EPSS

Процентиль: 2%

0.00015

Низкий