Advisory #7
Title: GistPad GitHub access token leakage via crafted workspace configuration
CVE ID: CVE-2021-29642
Vendor: Jonathan Carter
Affected product: GistPad
Affected versions: - 0.2.6
Vulnerability type: CWE-284 (Improper Access Control)
Description: GistPad has a vulnerability that allows a crafted workspace folder to change the URL of the Gist API, which leads to leakage of the GitHub access token.
Status: Fixed in 0.2.7
Recommendation: Update to version 0.2.7 or later.