rpm package
opensuse/gh&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/gh&distro=openSUSE%20Leap%2015.6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52308 | — | < 2.65.0-bp156.2.17.1 | 2.65.0-bp156.2.17.1 | Nov 14, 2024 | The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an S | ||
| CVE-2024-6104 | — | < 2.53.0-bp156.2.6.1 | 2.53.0-bp156.2.6.1 | Jun 24, 2024 | go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. |
- CVE-2024-52308Nov 14, 2024affected < 2.65.0-bp156.2.17.1fixed 2.65.0-bp156.2.17.1
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an S
- CVE-2024-6104Jun 24, 2024affected < 2.53.0-bp156.2.6.1fixed 2.53.0-bp156.2.6.1
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.