x/vulndb: potential Go vuln in github.com/cli/cli: CVE-2024-52308

[GoVulnBot]

Advisory CVE-2024-52308 references a vulnerability in the following Go modules:

Module
github.com/cli/cli

Description:
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0.

Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the default devcontainer image. GitHub CLI [ret...

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-52308
• WEB: GHSA-p2h2-3vg9-4p87

Cross references:

• github.com/cli/cli appears in 1 other report(s):
  • data/reports/GO-2022-0395.yaml (x/vulndb: potential Go vuln in github.com/cli/cli: GHSA-fqfh-778m-2v32 #395)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cli/cli
      vulnerable_at: 1.14.0
summary: CVE-2024-52308 in github.com/cli/cli
cves:
    - CVE-2024-52308
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-52308
    - web: https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87
source:
    id: CVE-2024-52308
    created: 2024-11-15T00:01:20.20786536Z
review_status: UNREVIEWED

[tatianab]

Duplicate of #3269