Количество 2
Количество 2
CVE-2024-42471
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
GHSA-6q32-hq47-5qq3
@actions/artifact has an Arbitrary File Write via artifact extraction
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42471 actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue. | CVSS3: 7.3 | 6% Низкий | больше 1 года назад |
| GHSA-6q32-hq47-5qq3 @actions/artifact has an Arbitrary File Write via artifact extraction | CVSS3: 7.3 | 6% Низкий | больше 1 года назад |
Уязвимостей на страницу