GitHub Actions Toolkit
Approved changes feed: RSS · Atom
cpe:2.3:a:github:actions_toolkit:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Actions Toolkit (dfe16527-324d-5304-8175-93263c81c4e0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/actions/toolkit |
purl2cpe | 2026-06-01 10:15:25.125950 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-42471 |
vulnerable | 2026-06-03 14:56:36.903296 |
Arbitrary File Write via artifact extraction in actions/artifact
HIGH (7.3)
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
Published: 2024-09-02T16:13:50.712Z
Updated: 2025-08-27T21:33:03.045Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.