CVE-2024-42370

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Aug 12, 2024
CWE ID 78

Summary

CVE-2024-42370 is a vulnerability affecting Litestar, an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and older, the framework's `docs-preview.yml` workflow is susceptible to environment variable injection. The issue gives malicious actors permission to write issues, read metadata, and write pull requests. It also exposes the `DOCS_PREVIEW_DEPLOY_TOKEN`, increasing the risk of secret exfiltration and repository manipulation. The vulnerability is addressed in commit 84d351e96aaa2a1338006d6e7221eded161f517b.
