Vulnerabilities (CVE)

Filtered by vendor Github Subscribe
Filtered by product Actions Toolkit
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42471 1 Github 2 Actions\/artifact, Actions Toolkit 2024-09-16 N/A 7.5 HIGH
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.