CVE-2024-3924
📋 TL;DR
This CVE describes a code injection vulnerability in the huggingface/text-generation-inference repository's GitHub Actions workflow. Attackers can exploit it by creating malicious branch names in pull requests, potentially leading to arbitrary code execution on GitHub Actions runners. This affects users of the text-generation-inference repository up to version 2.0.0.
💻 Affected Systems
- huggingface/text-generation-inference
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the GitHub Actions runner environment, allowing attackers to steal secrets, modify code, deploy malicious artifacts, or pivot to other systems.
Likely Case
Execution of arbitrary commands within the GitHub Actions runner, potentially leading to data exfiltration, repository tampering, or cryptocurrency mining.
If Mitigated
No impact if proper input validation and security controls are implemented in GitHub Actions workflows.
🎯 Exploit Status
Exploitation requires creating a GitHub account, forking the repository, and opening a pull request with a malicious branch name.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://github.com/huggingface/text-generation-inference/commit/88702d876383f7200eccf67e28ba00500dc804bb
Restart Required: No
Instructions:
1. Update to text-generation-inference version 2.0.0 or later. 2. Review the commit 88702d876383f7200eccf67e28ba00500dc804bb to understand the fix. 3. Ensure GitHub Actions workflows are using the updated repository.
🔧 Temporary Workarounds
Disable vulnerable workflow
allTemporarily disable the autodocs.yml GitHub Actions workflow to prevent exploitation.
Navigate to repository Settings > Actions > Workflow permissions > Disable workflow for autodocs.yml
Implement input validation
allAdd input validation for github.head_ref in GitHub Actions workflows.
Modify workflow files to validate branch names before using them in commands
🧯 If You Can't Patch
- Disable GitHub Actions entirely for the repository
- Implement strict branch naming policies and review all pull requests manually
🔍 How to Verify
Check if Vulnerable:
Check if your text-generation-inference version is ≤2.0.0 and review GitHub Actions workflow files for insecure use of github.head_ref.Check Version:
Check package.json or repository tags for version informationVerify Fix Applied:
Verify that the repository has been updated to version 2.0.0 or later, and that the autodocs.yml workflow no longer uses github.head_ref without validation.📡 Detection & Monitoring
Log Indicators:
- Unusual commands executed in GitHub Actions logs
- Suspicious branch names in pull requests
- Unexpected package installations
Network Indicators:
- Unusual outbound connections from GitHub Actions runners
- Downloads from unexpected package repositories
SIEM Query:
Search GitHub Actions logs for patterns like 'github.head_ref' being used in command execution or suspicious package installation commands.🔗 References
- https://github.com/huggingface/text-generation-inference/commit/88702d876383f7200eccf67e28ba00500dc804bb
- https://huntr.com/bounties/8af92fc2-0103-4d29-bb28-c3893154c422
- https://github.com/huggingface/text-generation-inference/commit/88702d876383f7200eccf67e28ba00500dc804bb
- https://huntr.com/bounties/8af92fc2-0103-4d29-bb28-c3893154c422
