CVE-2023-51664

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-51664
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51664.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-51664
Aliases
Published
2023-12-27T17:15:08Z
Modified
2024-05-14T13:06:06.374847Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

tj-actions/changed-files is a GitHub Action to retrieve all files and directories. Prior to version 41.0.0, the tj-actions/changed-files workflow allows command injection through changed filenames, which lets an attacker execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. The vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.

References

Affected packages

Git / github.com/tj-actions/changed-files

Affected ranges

Type
GIT
Repo
https://github.com/tj-actions/changed-files
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

Other

v1
v10
v11
v12
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v36
v37
v38
v39
v4
v40
v5
v6
v7
v8
v9

v1.*

v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1

v10.*

v10.1

v11.*

v11.1
v11.2
v11.3
v11.4
v11.5
v11.6
v11.7
v11.8
v11.9

v12.*

v12.1
v12.2

v15.*

v15.1

v17.*

v17.1
v17.2
v17.3

v18.*

v18.1
v18.2
v18.3
v18.4
v18.5
v18.6
v18.7

v19.*

v19.1
v19.2
v19.3

v2.*

v2.0.0
v2.0.1
v2.1

v20.*

v20.1
v20.2

v22.*

v22.1
v22.2

v23.*

v23.1
v23.2

v24.*

v24.1

v26.*

v26.1

v28.*

v28.0.0

v29.*

v29.0.0
v29.0.1
v29.0.2
v29.0.3
v29.0.4
v29.0.5
v29.0.6
v29.0.7
v29.0.8
v29.0.9

v3.*

v3.1
v3.2
v3.3

v30.*

v30.0.0

v31.*

v31.0.0
v31.0.1
v31.0.2
v31.0.3

v32.*

v32.0.0
v32.0.1
v32.1.0
v32.1.1
v32.1.2

v33.*

v33.0.0

v34.*

v34.0.0
v34.0.1
v34.0.2
v34.0.3
v34.0.4
v34.0.5
v34.1.1
v34.2.0
v34.2.1
v34.2.2
v34.3.0
v34.3.1
v34.3.2
v34.3.3
v34.3.4
v34.4.0
v34.4.1
v34.4.2
v34.4.3
v34.4.4
v34.5.0
v34.5.1
v34.5.2
v34.5.3
v34.5.4
v34.6.0
v34.6.1
v34.6.2

v35.*

v35.0.0
v35.0.1
v35.1.0
v35.1.1
v35.1.2
v35.2.0
v35.2.1
v35.3.0
v35.3.1
v35.3.2
v35.4.0
v35.4.1
v35.4.2
v35.4.3
v35.4.4
v35.5.0
v35.5.1
v35.5.2
v35.5.3
v35.5.4
v35.5.5
v35.5.6
v35.6.0
v35.6.1
v35.6.2
v35.6.3
v35.6.4
v35.7.0
v35.7.0-sec
v35.7.1
v35.7.10
v35.7.11
v35.7.12
v35.7.2
v35.7.3
v35.7.4
v35.7.5
v35.7.6
v35.7.7
v35.7.8
v35.7.9
v35.8.0
v35.9.0
v35.9.1
v35.9.2

v36.*

v36.0.0
v36.0.1
v36.0.10
v36.0.11
v36.0.12
v36.0.13
v36.0.14
v36.0.15
v36.0.16
v36.0.17
v36.0.18
v36.0.2
v36.0.3
v36.0.4
v36.0.5
v36.0.6
v36.0.7
v36.0.8
v36.0.9
v36.1.0
v36.2.0
v36.2.1
v36.3.0
v36.4.0
v36.4.1

v37.*

v37.0.0
v37.0.1
v37.0.2
v37.0.3
v37.0.4
v37.0.5
v37.1.0
v37.1.1
v37.1.2
v37.2.0
v37.3.0
v37.4.0
v37.5.0
v37.5.1
v37.5.2
v37.6.0
v37.6.1

v38.*

v38.0.0
v38.1.0
v38.1.1
v38.1.2
v38.1.3
v38.2.0
v38.2.1
v38.2.2

v39.*

v39.0.0
v39.0.1
v39.0.2
v39.0.3
v39.1.0
v39.1.1
v39.1.2
v39.2.0
v39.2.1
v39.2.2
v39.2.3
v39.2.4

v4.*

v4.1
v4.2
v4.3
v4.4

v40.*

v40.0.0
v40.0.1
v40.0.2
v40.1.0
v40.1.1
v40.2.0
v40.2.1
v40.2.2
v40.2.3

v5.*

v5.1
v5.2
v5.3

v6.*

v6.1
v6.2
v6.3

v8.*

v8.1
v8.2
v8.3
v8.4
v8.5
v8.6
v8.7
v8.8
v8.9

v9.*

v9.1
v9.2
v9.3