Lucene search

CVE-2023-27581

🗓️ 13 Mar 2023 21:14:15Reported by GitHub_MType

github-slug-action exposes GitHub environment variable in insecure wa

Reporter	Title	Published	Views	Family All 7
OSV	github-slug-action vulnerable to arbitrary code execution	13 Mar 202320:43	–	osv
OSV	CVE-2023-27581	13 Mar 202321:15	–	osv
Vulnrichment	CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution	13 Mar 202320:19	–	vulnrichment
NVD	CVE-2023-27581	13 Mar 202321:15	–	nvd
Prion	Design/Logic Flaw	13 Mar 202321:15	–	prion
Github Security Blog	github-slug-action vulnerable to arbitrary code execution	13 Mar 202320:43	–	github
Cvelist	CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution	13 Mar 202320:19	–	cvelist

Nvd

Vulners

Node

github-slug-action_project github-slug-actionRange4.0.0–4.4.1

[
  {
    "vendor": "rlespinasse",
    "product": "github-slug-action",
    "versions": [
      {
        "version": ">= 4.0.0, < 4.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/rlespinasse/github-slug-action/releases/tag/v4.4.1
github	www.github.com/rlespinasse/github-slug-action/commit/102b1a064a9b145e56556e22b18b19c624538d94
github	www.github.com/rlespinasse/github-slug-action/security/advisories/GHSA-6q4m-7476-932w
securitylab	www.securitylab.github.com/research/github-actions-untrusted-input/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Mar 2023 21:15Current

8.9High risk

Vulners AI Score8.9

CVSS38.8

EPSS0.00225

SSVC

CWE-77