CVE-2024-42370
- Source
- https://cve.org/CVERecord?id=CVE-2024-42370
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42370.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42370
- Aliases
- Published
- 2024-08-09T18:29:11.205Z
- Modified
- 2025-12-05T05:57:39.475336Z
- Severity
-
- 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H CVSS Calculator
- Summary
- Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow
- Details
-
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's
docs-preview.ymlworkflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, theDOCS_PREVIEW_DEPLOY_TOKENis exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42370.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42370.json
- https://github.com/litestar-org/litestar/actions/runs/10081936962/job/27875077668#step:1:17
- https://github.com/litestar-org/litestar/blob/ffaf5616b19f6f0f4128209c8b49dbcb41568aa2/.github/workflows/docs-preview.yml
- https://github.com/litestar-org/litestar/commit/84d351e96aaa2a1338006d6e7221eded161f517b
- https://github.com/litestar-org/litestar/security/advisories/GHSA-4hq2-rpgc-r8r7
- https://nvd.nist.gov/vuln/detail/CVE-2024-42370
Affected packages
Git / github.com/litestar-org/litestar
Affected ranges
- Type
- GIT
- Repo
- https://github.com/litestar-org/litestar
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.7.2
v0.*
v0.0.1a
v0.1.0
v0.1.0b1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.6.0
v0.7.0
v0.7.1
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.1.1
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.19.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v1.22.0
v1.23.0
v1.23.1
v1.24.0
v1.25.0
v1.26.0
v1.26.1
v1.27.0
v1.28.0
v1.28.1
v1.29.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.35.1
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.4.1
v1.4.2
v1.40.0
v1.40.1
v1.41.0
v1.42.0
v1.43.0
v1.43.1
v1.44.0
v1.45.0
v1.45.1
v1.46.0
v1.47.0
v1.48.0
v1.48.1
v1.49.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.50.0
v1.50.1
v1.50.2
v1.51.0
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.9.0
v1.9.1
v2.*
v2.0.0
v2.0.0alpha1
v2.0.0alpha2
v2.0.0alpha3
v2.0.0alpha4
v2.0.0alpha5
v2.0.0alpha6
v2.0.0alpha7
v2.0.0beta1
v2.0.0beta2
v2.0.0beta3
v2.0.0beta4
v2.0.0rc1
v2.1.0
v2.1.1
v2.10.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.1
v2.8.0
v2.9.0