some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub Action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version v1. Users are advised to use v1 or later. There are no known workarounds for this issue.

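
The sketch below is an added example, not code from ghas-to-csv or its fix. It shows the class of mitigation for the issue described above: neutralizing formula-leading cells before they are written to CSV. The field names, sample alerts, and helper names (`neutralize_cell`, `alerts_to_csv`) are assumptions made for illustration.

```python
import csv
import io

# Leading characters that spreadsheet programs treat as the start of a formula
# (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a value that a spreadsheet will display instead of evaluate."""
    if value is None:
        return ""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value  # genuine numbers (e.g. an alert number) are left alone
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # A leading apostrophe makes the spreadsheet treat the cell as text.
        text = "'" + text
    return text


def alerts_to_csv(alerts, fields, sanitize=True):
    """Serialize alert dicts to CSV text.

    sanitize=False reproduces the unsanitized behaviour the advisory describes.
    """
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for alert in alerts:
        row = [alert.get(field) for field in fields]
        if sanitize:
            row = [neutralize_cell(cell) for cell in row]
        writer.writerow(row)
    return out.getvalue()


# Constructed sample data; the field names are hypothetical, not the API schema.
FIELDS = ["number", "state", "dismissed_comment"]
SAMPLE_ALERTS = [
    {"number": 1, "state": "dismissed", "dismissed_comment": "=1+1"},
    {"number": 2, "state": "open", "dismissed_comment": None},
    {"number": 3, "state": "dismissed", "dismissed_comment": "-1+1 false positive"},
]

if __name__ == "__main__":
    print(alerts_to_csv(SAMPLE_ALERTS, FIELDS))
```

CSV quoting alone does not help here: a quoted `"=1+1"` cell is still evaluated on open, which is why the value itself has to be changed.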
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ghas-to-csv | eq | 0.3.0 |
| | ghas-to-csv | eq | 0.5.0 |
| | ghas-to-csv | eq | 0.1.1 |
| | ghas-to-csv | eq | 0.4.0 |
| | ghas-to-csv | eq | 0.1.0 |
| | ghas-to-csv | eq | 0.2.0 |