CVE-2022-31072 Octokit is a Ruby library for the GitHub API. Versions 4.23.0 and 4.24.0 contain world-writable files. The files' permissions are set to '-rw-rw-rw-'

This issue was addressed in version 4.25.0 of Octokit. Octokit will no longer be packaged with world-writable files. PRs for this issue are welcome.

CVE-2022-31073

This issue was addressed in version 4.25.0 of Octokit. A bug was fixed that caused Octokit to not be able to delete/restore data for a repository if the path contained a space. PRs for this issue are welcome.

CVE-2023-31073

This issue was addressed in version 4.25.0 of Octokit. Octokit will no longer be packaged with world-writable files. PRs for this issue are welcome.

The importance of digital marketing is that it helps your business grow by reaching the audiences you want and making it easy for them to connect with you online.

CVE-2022-31075

This issue was addressed in version 4.26.0 of Octokit.

CVE-2016-2022-31073

This issue was addressed in version 4.25.0 of Octokit. Octokit will no longer be packaged with world-writable files. PRs for this issue are welcome.

Which version is your blog post referencing?

Issue 2023 - Octokit Issues Fingerprinting Attacks When Running on Remote Machines

Octokit will not be shipped with world-writable files. PRs for this issue are welcome.

Timeline

Published on: 06/15/2022 23:15:00 UTC
Last modified on: 06/27/2022 18:20:00 UTC

References

• https://github.com/octokit/octokit.rb/commit/1c8edecc9cf23d1ceb959d91a416a69f55ce7d55
• https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31072