CVE-2023-51664

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 4, 2024
CWE ID 77
CWE ID 74

Summary

CVE-2023-51664 affects the `tj-actions/changed-files` GitHub Action before version 41.0.0. The action, which retrieves all files and directories, is susceptible to command injection through filenames. An attacker could exploit this vulnerability to execute arbitrary code in the GitHub Runner, potentially leading to the leakage of secrets. Users are strongly recommended to upgrade to version 41.0.0 to mitigate this risk.
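
One way to check a repository's workflow files against the affected range above, as an added example that is not from the advisory or the action's project. The sample workflow and its commit SHA are constructed, and a ref is judged only from its text, so SHA and branch pins are reported as unknown.

```python
import re

FIXED_MAJOR = 41  # the page gives 41.0.0 as the first fixed release

# "uses: tj-actions/changed-files@<ref>", with or without a leading "- "
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?tj-actions/changed-files@([^\s'\"#]+)", re.I)
TAG_RE = re.compile(r"^v?(\d+)(?:\.\d+){0,2}$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.I)


def classify_ref(ref):
    """Return 'vulnerable', 'fixed' or 'unknown' for the ref after '@'."""
    if SHA_RE.match(ref):
        return "unknown"  # a commit SHA does not reveal its release
    tag = TAG_RE.match(ref)
    if not tag:
        return "unknown"  # branch name or non-standard tag
    return "vulnerable" if int(tag.group(1)) < FIXED_MAJOR else "fixed"


def audit_workflow(text):
    """List (line number, ref, verdict) for every use of the action."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = USES_RE.match(line)
        if hit:
            findings.append((lineno, hit.group(1), classify_ref(hit.group(1))))
    return findings


# Constructed sample workflow; the 40-character SHA is a placeholder.
SAMPLE = """\
name: ci
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: changed
        uses: tj-actions/changed-files@v40.2.3
      - uses: tj-actions/changed-files@v41
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for lineno, ref, verdict in audit_workflow(SAMPLE):
        print(f"line {lineno}: {ref} -> {verdict}")
```

Refs reported as unknown have to be resolved against the action's release tags before they can be cleared.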
