CVE-2024-42471 - GitHub Actions Artifact Path Traversal Arbitrary File Write Vulnerability

CVE ID : CVE-2024-42471
Published : Sept. 2, 2024, 6:15 p.m. | 24 minutes ago
Description : actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...