2 matches found
CVE-2025-53546
Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...
GHSA-PHF6-HM3H-X8QP Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
Summary Using Issuecomment on .github/workflows/scalafmt-fix.yml an attacker can inject malicious code using github.event.comment.body. By exploiting the vulnerability, it is possible to exfiltrate high privileged GITHUBTOKEN which can be used to completely overtake the repo since the token has...