9 matches found
CVE-2026-25761
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761
The CVE describes a command injection in the Super-linter GitHub Action affecting versions 6.0.0–8.3.0, where file discovery can execute shell command substitution embedded in filenames, enabling arbitrary command execution in the workflow runner and potential disclosure of the job’s GITHUB_TOKEN...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...
PT-2026-7152
Name of the Vulnerable Software and Affected Versions Super-linter versions 6.0.0 through 8.3.0 Description Super-linter is susceptible to command injection through specially crafted filenames. When used in GitHub Actions workflows, an attacker submitting a pull request with a file containing she...
Super-Linter 命令注入漏洞
Super-Linter is a code checker developed by Super Linter. Versions 6.0.0 to 8.3.0 of Super-Linter have a command injection vulnerability, which stems from improper handling of specially crafted file names. This vulnerability may lead to command injection attacks...