5 matches found
CVE-2023-51664
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrar...
CVE-2023-51664 tj-actions/changed-files command injection in output filenames
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrar...
CVE-2023-51664 tj-actions/changed-files command injection in output filenames
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrar...
CVE-2023-51664 tj-actions/changed-files command injection in output filenames
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrar...
CVE-2023-51664
The CVE refers to the GitHub Action tj-actions/changed-files. Before version 41.0.0, the action allowed command injection through changed filenames, enabling potential arbitrary code execution on the GitHub Runner and possible secret leakage. Affected component: tj-actions/changed-files (GitHub A...