2 matches found
Harden-Runner 安全漏洞
Harden-Runner is a program open source by StepSecurity. It provides network exit filter and runtime security for both GitHub-hosted and self-hosted runners. Versions of Harden-Runner prior to 2.14.2 contained security vulnerabilities. These vulnerabilities allowed outbound network connections to...
CVE-2024-52587
The CVE applies to StepSecurity Harden-Runner. Versions prior to v2.10.2 contain multiple command-injection weaknesses via environment variables in setup.ts and arc-runner.ts, exploitable under specific conditions. However, the documentation notes that due to GitHub Actions pre-step execution ord...