Summary
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
References
Related vulnerabilities
- MEDIUM GHSA-4XGF-CPJX-PC3J: pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
- CRITICAL GHSA-W7MQ-R738-X278: Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload
- MEDIUM GHSA-6X2M-P4XP-WG22: Network-AI: EnvironmentManager.backup() follows symlinked directories and copies files outside the environment root into backups
- MEDIUM GHSA-F9M7-VC86-P6JJ: go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)
- CRITICAL GHSA-2JQ4-Q6VV-4CP3: Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
- LOW GHSA-RVP7-W75Q-9FV2: BBOT: Symlink-Following Arbitrary Write via github_workflows Module