2 matches found
CVE-2020-15228
creationtimestamp| type| source ---|---|--- 2024-11-14 06:07:13+00:00| seen| MISP/f4c18b78-4cca-4231-b957-1490787689a1...
CVE-2020-15228
CVE-2020-15228 affects the npm package @actions/core (pre-1.2.6). The vulnerability stems from addPath and exportVariable communicating with the Actions Runner via stdout in a specific format, allowing untrusted workflow data logged to stdout to modify PATH or environment variables. Mitigation: u...