Описание
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the DOCS_PREVIEW_DEPLOY_TOKEN is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue.
Ссылки
EPSS
Процентиль: 79%
0.01283
Низкий
8.3 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.3
github
больше 1 года назад
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
EPSS
Процентиль: 79%
0.01283
Низкий
8.3 High
CVSS3
Дефекты
CWE-78