CVE-2024-48908

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48908

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48908.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-48908

Aliases

GHSA-65rg-554r-9j5x

Published

2025-08-28T15:15:42Z

Modified

2025-08-29T04:50:57.825804Z

Summary

[none]

Details

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.

References

Affected packages

Git / github.com/lycheeverse/lychee-action

Affected ranges

Type: GIT
Repo: https://github.com/lycheeverse/lychee-action
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7cd0af4c74a61395d455af97419279d86aafaede

Affected versions

Other

v1.*

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.10.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v1.7.0

v1.8.0

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v2.*

v2.0.0

v2.0.1