QwikSec

Security Database

CVE

CWE

Training

CVE-2024-48908

Published: Aug 28, 2025

Modified: Aug 28, 2025

PUBLISHED

Description

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.

Vendor	Product	Versions
lycheeverse	lychee-action	affected `< 2.0.2`

Weaknesses (CWE)

References

https://github.com/lycheeverse/lychee-action/security/advisories/GHSA-65rg-554r-9j5x

x_refsource_CONFIRM

https://github.com/lycheeverse/lychee-action/commit/7cd0af4c74a61395d455af97419279d86aafaede

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.