5 matches found
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954
The CVE-2022-35954 issue affects the GitHub Actions ToolKit, specifically core.exportVariable in @actions/core. The vulnerability arises from a well-known delimiter (GitHubActionsFileCommandDelimeter ) used to set environment variables via GITHUB_ENV, which can be exploited to break out of the in...
GitHub: Delimiter injection in GitHub Actions core.exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...