Количество 2
Количество 2
CVE-2024-42370
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue.
GHSA-4hq2-rpgc-r8r7
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42370 Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue. | CVSS3: 8.3 | 1% Низкий | больше 1 года назад |
| GHSA-4hq2-rpgc-r8r7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow | CVSS3: 8.3 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу