PT-2022-27794 · Github · Github Enterprise Server

Yvvdwf · Published 2022-12-14 · Updated 2022-12-16 · CVE-2022-46255

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0
Description: An improper limitation of a pathname to a restricted directory was identified, enabling remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content, preventing an arbitrary file overwrite bug. This issue was reported via the GitHub Bug Bounty program.
Recommendations: For version 3.7.0, update to version 3.7.1 to resolve the issue. As a temporary workaround, consider ensuring the working directory is clean before unpacking new content to prevent arbitrary file overwrites.
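The two controls the advisory describes, refusing to unpack into a non-empty working directory and confining every unpacked path to that directory, can be demonstrated with the added Python example below; it is not GitHub's code, the names `safe_unpack`, `build_tar`, `rejected` and `demo` are hypothetical, and the archives are constructed inline.

```python
import io
import tarfile
import tempfile
from pathlib import Path

class UnsafeArchive(Exception): pass

def safe_unpack(archive: bytes, dest: Path) -> list[str]:
    """Unpack tar bytes into dest only if dest is empty and no member escapes it."""
    base = dest.resolve()
    base.mkdir(parents=True, exist_ok=True)
    if any(base.iterdir()):  # clean-working-directory check: never overwrite
        raise UnsafeArchive(f"destination {dest} is not empty")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:  # validate every entry before writing anything
            # resolve() catches "..", absolute names and symlinked parents;
            # allowing only files/dirs avoids writing through a link elsewhere.
            inside = (base / m.name).resolve().is_relative_to(base)
            if not inside or not (m.isfile() or m.isdir()):
                raise UnsafeArchive(f"unsafe entry: {m.name}")
        for m in members:
            tar.extract(m, path=base)
    return [m.name for m in members]

def build_tar(entries: dict[str, bytes]) -> bytes:
    # Constructed sample archive standing in for uploaded site content.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def rejected(archive: bytes, dest: Path) -> bool:
    try:
        safe_unpack(archive, dest)
        return False
    except UnsafeArchive:
        return True

def demo() -> dict[str, bool]:
    root = Path(tempfile.mkdtemp())
    good = build_tar({"index.html": b"<h1>hi</h1>", "assets/app.js": b"x"})
    return {
        "benign_ok": sorted(safe_unpack(good, root / "site")) == ["assets/app.js", "index.html"],
        "dirty_rejected": rejected(good, root / "site"),  # site is now non-empty
        "traversal_rejected": rejected(build_tar({"../evil.txt": b"x"}), root / "site2")
        and not (root / "evil.txt").exists(),
    }
```

All validation runs before any file is written, so a single bad entry leaves the destination untouched rather than partially unpacked.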

Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-46255

Affected Products

Github Enterprise Server