6 matches found
CVE-2025-47271
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
CVE-2025-47271
creationtimestamp| type| source ---|---|--- 2025-05-12 14:26:22+00:00| seen| https://t.me/cvedetector/25074 2025-05-12 14:42:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loy7dtwqat2e...
CVE-2025-47271
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...