GHSA-vfxf-76hv-v4w4 – github.com/gravitational/teleport

Package

Manager: go
Name: github.com/gravitational/teleport
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Withdrawn Advisory: User-provided environment values allow execution on macOS agents ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects a binary, not a library in a [supported ecosystem](https://github.com/github/advisory-database#supported-ecosystems). Therefore, users of the library should not receive alerts. This link is maintained to preserve external references. ## Original Description ### Impact Agents running on macOS could be susceptible to unexpected code execution through user supplied environment variables. ### Patches Fixed in versions 14.2.4, 13.4.13 and 12.4.31. ### References * Fix PR: https://github.com/gravitational/teleport/pull/36132

Metadata

Created: 2024-01-03T21:30:17Z
Modified: 2024-09-06T21:40:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-vfxf-76hv-v4w4/GHSA-vfxf-76hv-v4w4.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0