CVE-2024-21623

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-21623
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21623.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-21623
Related
  • GHSA-q6gr-wc79-v589
Published
2024-01-02T21:15:10Z
Modified
2025-01-08T15:46:17.076254Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the "Analysis - SonarCloud" workflow in mehah/otclient is vulnerable to expression injection in GitHub Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository through this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.

Affected packages

Git / github.com/mehah/otclient

Affected ranges

Type
GIT
Repo
https://github.com/mehah/otclient
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.6.2
2.8

3.*

3.0
3.0.2
3.0b
3.1