PT-2024-31779 · Arduino · Arduino-Esp32
Pwntester · Published 2024-09-17 · Updated 2024-09-20 · CVE-2024-45798
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: arduino-esp32 (affected versions not specified)
Description: Multiple Poisoned Pipeline Execution (PPE) vulnerabilities exist in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variable injection. They can lead to repository takeover and allow remote attacks with high impact. Users are advised to verify the contents of downloaded artifacts.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · Code Injection · OS Command Injection · RCE

Weakness Enumeration

Related Identifiers: CVE-2024-45798 · GHSA-H52Q-XHG2-6JW8

Affected Products: Arduino-Esp32