CVE-2025-47775

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-47775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-47775
Aliases
Related
Published
2025-05-14T16:15:28Z
Modified
2025-05-17T14:25:50.071656Z
Summary
[none]
Details

Bullfrog is a GitHub Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using TCP breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

References

Affected packages

Git / github.com/bullfrogsec/bullfrog

Affected ranges

Type
GIT
Repo
https://github.com/bullfrogsec/bullfrog
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.3
v0.4
v0.4.1
v0.5
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.6
v0.6.0
v0.6.1
v0.6.2
v0.7
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3