{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T05:30:30.759","vulnerabilities":[{"cve":{"id":"CVE-2024-42370","sourceIdentifier":"security-advisories@github.com","published":"2024-08-12T13:38:34.497","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue."},{"lang":"es","value":"Litestar es un framework de interfaz de puerta de enlace de servidor asíncrono (ASGI). En las versiones 2.10.0 y anteriores, el flujo de trabajo `docs-preview.yml` de Litestar es vulnerable a la inyección de variables de entorno, lo que puede provocar una filtración secreta y manipulación del repositorio. Este problema otorga a un actor malintencionado permiso para escribir problemas, leer metadatos y escribir solicitudes de extracción. Además, el `DOCS_PREVIEW_DEPLOY_TOKEN` está expuesto al atacante. El commit 84d351e96aaa2a1338006d6e7221eded161f517b contiene una solución para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/litestar-org/litestar/actions/runs/10081936962/job/27875077668#step:1:17","source":"security-advisories@github.com"},{"url":"https://github.com/litestar-org/litestar/blob/ffaf5616b19f6f0f4128209c8b49dbcb41568aa2/.github/workflows/docs-preview.yml","source":"security-advisories@github.com"},{"url":"https://github.com/litestar-org/litestar/commit/84d351e96aaa2a1338006d6e7221eded161f517b","source":"security-advisories@github.com"},{"url":"https://github.com/litestar-org/litestar/security/advisories/GHSA-4hq2-rpgc-r8r7","source":"security-advisories@github.com"}]}}]}