6 matches found
CVE-2025-53546
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
CVE-2025-53546
creationtimestamp| type| source ---|---|--- 2025-07-09 14:42:52+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114823801833628508 2025-07-09 16:05:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltk6z3xql62y 2025-08-06 01:04:19+00:00| seen|...
CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
CVE-2025-53546
CVE-2025-53546 affects Folo. The vulnerability arises from using pull_request_target in the GitHub Actions workflow (.github/workflows/auto-fix-lint-format-commit.yml), allowing untrusted code in the base repository to access secrets. Exploitation can exfiltrate the GITHUB_TOKEN, which has high p...