CVE-2024-53858: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.