AZL-62282

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62282.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-62282

Upstream

CVE-2025-48938

Published

2025-05-30T19:15:29Z

Modified

2026-04-21T04:31:58.960844Z

Summary

CVE-2025-48938 affecting package gh for versions less than 2.62.0-9

Details

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In 2.12.1, Browser.Browse() has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-48938

Affected packages

Azure Linux:3 / gh

Package

Name: gh
Purl: pkg:rpm/azure-linux/gh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.62.0-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62282.json"