Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)

Summary A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS queries over TCP. Harden-Runner enforces egress policies on GitHub runners by filtering outbound connections at the network layer. When egress-policy:...