DuckDuckGo: RCE + Supply Chain Attack via pull_request_target in content-scope-scripts/semver-label.yml — Affects All DuckDuckGo Browsers

A vulnerability was discovered in the DuckDuckGo content-scope-scripts repository's GitHub Actions workflow. The workflow used the pullrequesttarget trigger without access controls, allowing untrusted code from fork pull requests to be checked out and executed. This could have led to remote code...