CVE-2021-29642

CVE-2021-29642

EPSS 0.9%

GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/lostintangent/gistpad/commit/230b05e8dea8d7ac5aae998bbe0a591d7f081b70 https://vuln.ryotak.me/advisories/7