2 matches found
CVE-2023-30623 Arbitrary command injection in embano1/wip
embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pullrequest.title parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This...
CVE-2023-30623
CVE-2023-30623 concerns the GitHub Action embano1/wip (Bash). Before version 2, it insecurely uses the PR title from github.event.pull_request.title in a run statement, enabling command injection via string interpolation. This can let an attacker who creates a PR trigger code execution on GitHub ...