GHSA-6P2J-742G-835F actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow
Summary External input from github.event.issue.title is used unsafely in a shell command in .github/workflows/release-candidate.yaml, allowing command injection during workflow execution. Details In .github/workflows/release-candidate.yaml, the issue title is interpolated directly into a shell...