2 matches found
CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...
PT-2026-40973
Name of the Vulnerable Software and Affected Versions CoreShop versions 5.0.1 through 5.1.0-beta.1 Description The GitHub Actions workflow located at .github/workflows/static.yml uses the pull request target trigger and checks out unverified code from the pull request head using the variable ref:...