References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

GitHub, Inc. AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H

GitHub, Inc. CWE-78

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix f

GitHub, Inc. https://github.com/litestar-org/litestar/actions/runs/10081936962/job/27875077668#step:1:17 [No types assigned]

GitHub, Inc. https://github.com/litestar-org/litestar/blob/ffaf5616b19f6f0f4128209c8b49dbcb41568aa2/.github/workflows/docs-preview.yml [No types assigned]

GitHub, Inc. https://github.com/litestar-org/litestar/commit/84d351e96aaa2a1338006d6e7221eded161f517b [No types assigned]

GitHub, Inc. https://github.com/litestar-org/litestar/security/advisories/GHSA-4hq2-rpgc-r8r7 [No types assigned]