6 matches found
EUVD-2022-6508
Malicious code in bioql PyPI...
GitHub Actions toolkit 安全漏洞
GitHub Actions toolkit is a GitHub toolkit for developing GitHub Actions from GitHub Actions open source. A security vulnerability exists in GitHub Actions toolkit version 0.5.0, which stems from an inefficient regular expression complexity in the function globEscape...
GitHub Actions Toolkit 路径遍历漏洞
GitHub Actions Toolkit is a Github Actions open source toolkit for GitHub Actions. A path traversal vulnerability exists in GitHub Actions Toolkit versions prior to 2.1.7. An attacker exploiting this vulnerability could read arbitrary files on the server running the application...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...