Lucene search
K

5 matches found

NVD
NVD
added 2022/08/15 11:21 a.m.39 views

CVE-2022-35954

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

5CVSS0.00559EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/13 11:40 p.m.7 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

5CVSS5.3AI score0.00559EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/13 11:40 p.m.46 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

5CVSS5.5AI score0.00559EPSS
Exploits0References2
CVE
CVE
added 2022/08/13 11:40 p.m.74 views

CVE-2022-35954

The CVE-2022-35954 issue affects the GitHub Actions ToolKit, specifically core.exportVariable in @actions/core. The vulnerability arises from a well-known delimiter (GitHubActionsFileCommandDelimeter ) used to set environment variables via GITHUB_ENV, which can be exploited to break out of the in...

5CVSS5.1AI score0.00559EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2022/07/05 10:31 a.m.178 views

GitHub: Delimiter injection in GitHub Actions core.exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

4CVSS5.2AI score0.00559EPSS
Exploits0
Rows per page
Query Builder