Jaromil on Nostr: CVE-2024-42471 is a vulnerability to arbitrary file writing when using an omnipresent ...
CVE-2024-42471 is a vulnerability to arbitrary file writing when using an omnipresent dependency in Github actions maintained by Microsoft itself. This supply chain attack is the 1st of many targeting the current situation on GitHub. It has been predicted:
https://fed.dyne.org/post/227715Published at
2024-09-04 08:29:47Event JSON
{
"id": "5e1e442e3edf51292cda00061978d1d1fd765059e8b5746a5da728fa7e0cf130",
"pubkey": "f16a6132a31e310b70162361b36ee290b5f712c8f1704cc76e2b48c2f20e748b",
"created_at": 1725438587,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/jaromil/statuses/113078343255873568",
"activitypub"
]
],
"content": "CVE-2024-42471 is a vulnerability to arbitrary file writing when using an omnipresent dependency in Github actions maintained by Microsoft itself. This supply chain attack is the 1st of many targeting the current situation on GitHub. It has been predicted:\nhttps://fed.dyne.org/post/227715",
"sig": "f476ff7b413c042390e461e0a748ccf9506494f848e37582b33da59647c64fd70385759df1c7d50688b2c453070919d1c62330c1dfe3a5945aa9a5ccd814a3ea"
}
