4 matches found
CVE-2022-29220
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
Design/Logic Flaw
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
CVE-2022-29220 No verification of commits origin in github-action-merge-dependabot
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set t...
github-action-merge-dependabot data forgery vulnerability
github-action-merge-dependabot is used to automatically approve and merge dependabot PRs. A security vulnerability exists in github-action-merge-dependabot versions prior to 3.2.0, which stems from the fact that it does not check whether commits created by dependabot are verified with the correct...