Advisory #7
| Title | GistPad GitHub access token leakage via crafted workspace configuration |
| CVE ID | CVE-2021-29642 |
| Vendor | Jonathan Carter |
| Affected product | GistPad |
| Affected versions | - 0.2.6 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | GistPad has a vulnerability that allows a crafted workspace folder to change the URL of the Gist API, which leads to leakage of the GitHub access token. |
| Status | Fixed in 0.2.7 |
| Recommendation | Update to version 0.2.7 or later. |
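
A defender-side check for the condition in the description, as an added example that is not part of the original advisory or of GistPad's code: it audits the text of a workspace's `.vscode/settings.json` for `gistpad.*` settings whose URL value points away from the default GitHub API host. The setting name `gistpad.apiUrl`, the allow-list and the sample files are assumptions constructed for illustration.

```javascript
// Added example: audit a workspace's .vscode/settings.json before trusting the folder.
const ALLOWED_HOSTS = new Set(['api.github.com']); // default GitHub API host

// Remove // and /* */ comments (VS Code settings are JSONC) without touching strings.
function stripComments(text) {
  return text.replace(/"(?:\\.|[^"\\])*"|\/\/[^\n]*|\/\*[\s\S]*?\*\//g,
    (m) => (m[0] === '"' ? m : ''));
}

// Returns one finding per gistpad.* setting whose value is a URL that is not
// HTTPS or not on an allowed host. Unparseable files are reported, not skipped.
function auditWorkspaceSettings(settingsText, allowedHosts = ALLOWED_HOSTS) {
  let settings;
  try {
    settings = JSON.parse(stripComments(settingsText));
  } catch (err) {
    return [{ key: null, reason: 'settings file could not be parsed; review manually' }];
  }
  const findings = [];
  for (const [key, value] of Object.entries(settings ?? {})) {
    if (!key.toLowerCase().startsWith('gistpad.') || typeof value !== 'string') continue;
    let url;
    try { url = new URL(value); } catch { continue; } // not a URL-valued setting
    if (url.protocol !== 'https:') {
      findings.push({ key, value, reason: 'non-HTTPS endpoint' });
    } else if (!allowedHosts.has(url.hostname)) {
      findings.push({ key, value, reason: `host ${url.hostname} is not allow-listed` });
    }
  }
  return findings;
}

// Constructed sample inputs; "gistpad.apiUrl" is an assumed setting name.
const craftedSettings = `{
  // constructed comment to exercise JSONC handling
  "editor.tabSize": 2,
  "gistpad.apiUrl": "https://collector.example.test/api/v3"
}`;
const benignSettings = `{ "editor.tabSize": 2, "gistpad.apiUrl": "https://api.github.com" }`;

console.log(auditWorkspaceSettings(craftedSettings));
console.log(auditWorkspaceSettings(benignSettings));
```

Organizations using a GitHub Enterprise endpoint would add that host to the allow-list rather than disable the check.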