CVE-2026-34042
HIGH8.2EPSS 0.02%act: actions/cache server allows malicious cache injection in github.com/nektos/act
發布日:2026/3/27修改日:2026/4/2
描述
act: actions/cache server allows malicious cache injection in github.com/nektos/act
受影響套件(2)
- Go/github.com/nektos/actfrom 0, < 0.2.86
- Go/github.com/nektos/actfrom 0, < 0.2.86
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-34042
- PATCHhttps://github.com/nektos/act
- WEBhttps://code.forgejo.org/forgejo/runner/issues/294
- WEBhttps://github.com/nektos/act/commit/c28c27e141e8b54f9853de82f421ee09846751f7
- WEBhttps://github.com/nektos/act/releases/tag/v0.2.86
- WEBhttps://github.com/nektos/act/security/advisories/GHSA-x34h-54cw-9825