3 matches found
CVE-2023-49291
creationtimestamp| type| source ---|---|--- 2023-12-23 12:41:37+00:00| seen| https://t.me/ctinow/158804 2025-03-18 15:27:29+00:00| seen| https://gist.github.com/krstp/6674b8ed7627efed95a167a099a0b67b...
CVE-2023-49291
The CVE-2023-49291 entry concerns the GitHub Action tj-actions/branch-names. The vulnerability arises from improper referencing of github.event.pull_request.head.ref and github.head_ref within a run step, allowing a crafted branch name to inject arbitrary code. Reported impact includes potential ...
CVE-2023-49291 Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variab...