CVE-2024-54132: Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download
.
References
Detect and mitigate CVE-2024-54132 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →