What is CVE-2023-51664?

CVE-2023-51664 is a high-severity vulnerability in Tj-actions Changed-files, classified under Command Injection. CVSS score: 7.3/10. Published 2023-12-27.

How severe is CVE-2023-51664?

High severity. CVSS v3 base score is 7.3 out of 10.

Is CVE-2023-51664 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Tj-actions Changed-files

CVE-2023-51664

tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Tj-actions Changed-files — versions < 41.0.0

Weakness classification (CWE)

Public proof-of-concept exploits

dhawaldesai/tj-actions-scanner

References

https://github.com/tj-actions/changed-files/security/advisories/GHSA-mcph-m25j-8j63 (x_refsource_CONFIRM)
https://github.com/tj-actions/changed-files/commit/0102c07446a3cad972f4afcbd0ee4dbc4b6d2d1b (x_refsource_MISC)
https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f (x_refsource_MISC)
https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-51664?: CVE-2023-51664 is a high-severity vulnerability in Tj-actions Changed-files, classified under Command Injection. CVSS score: 7.3/10. Published 2023-12-27.
How severe is CVE-2023-51664?: High severity. CVSS v3 base score is 7.3 out of 10.
Is CVE-2023-51664 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.