Actions/Artifact
Approved changes feed: RSS · Atom
cpe:2.3:a:github:actions\/artifact:*:*:*:*:*:node.js:*:*
part: a version: * update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Actions/Artifact (f165595b-b9e0-5b74-ac1a-0932b8848357) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-42471 |
vulnerable | 2026-06-03 14:56:36.902661 |
Arbitrary File Write via artifact extraction in actions/artifact
HIGH (7.3)
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
Published: 2024-09-02T16:13:50.712Z
Updated: 2025-08-27T21:33:03.045Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.