GHSA-4ch8-prch-6prfMediumCVSS 6.1

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build...

Published
June 21, 2026
Last Modified
June 21, 2026

🔗 CVE IDs covered (1)

📋 Description

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions when developers run the CLI.

🔗 References (4)