2 matches found
GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...