CVE-2024-54132 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-54132 PUBLISHED CVSS 6.300000190734863 MEDIUM

Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability

EPSS 0.23% · 46.3th percentile

Risk Scores

CVSS v4.0

6.300000190734863

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Green

EPSS Score

0.23%

46.3th percentile

Affected Products

Vendor	Product	Versions
cli	cli	< 2.63.1, *
github.com	cli/cli/v2	0, 0
github.com	cli/cli	0, 0

Timeline

Jan 21, 1970 Security Advisory
Dec 4, 2024 CVE Published
Dec 4, 2024 PoC Published
Dec 4, 2024 PoC Published
Dec 5, 2024 EPSS Score
Dec 21, 2024 EPSS Score
Jan 7, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Jan 25, 2025 Coalition ESS Score
Feb 9, 2025 EPSS Score
Feb 25, 2025 EPSS Score
Mar 13, 2025 EPSS Score

References

Open in Interactive Console →