Vulnerability Description
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.
Related Weaknesses (CWE)
References
- https://github.com/lycheeverse/lychee-action/commit/7cd0af4c74a61395d455af974192
- https://github.com/lycheeverse/lychee-action/security/advisories/GHSA-65rg-554r-
FAQ
What is CVE-2024-48908?
CVE-2024-48908 is a documented vulnerability. lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup o...
How severe is CVE-2024-48908?
CVSS scoring is not yet available for CVE-2024-48908. Check NVD for updates.
Is there a patch for CVE-2024-48908?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.