4 matches found
CVE-2023-27581
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
CVE-2023-27581
Summary: CVE-2023-27581 affects the GitHub Action github-slug-action. Vulnerability: Versions before 4.4.1 insecurely use the github.head_ref parameter in pull request workflows, enabling an attacker to trigger code execution on GitHub runners and exfiltrate CI secrets. Impact: High impact on con...
CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...