{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T22:18:47.880","vulnerabilities":[{"cve":{"id":"CVE-2024-21623","sourceIdentifier":"security-advisories@github.com","published":"2024-01-02T21:15:10.250","lastModified":"2024-11-21T08:54:44.770","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient \"`Analysis - SonarCloud`\" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue."},{"lang":"es","value":"OTCLient es un cliente de tibia alternativo para otserv. Antes del commit db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyección de expresión en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. El commit db560de0b56476c87a2f967466407939196dd254 contiene una solución para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*","versionEndExcluding":"2023-12-30","matchCriteriaId":"60A3865E-2453-4A5A-9685-34494CC8BCD1"}]}]}],"references":[{"url":"https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://securitylab.github.com/research/github-actions-preventing-pwn-requests/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://securitylab.github.com/research/github-actions-untrusted-input/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://securitylab.github.com/research/github-actions-preventing-pwn-requests/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://securitylab.github.com/research/github-actions-untrusted-input/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}