6 matches found
CVE-2023-27581
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
PT-2024-40157 · Github · Github-Slug-Action
Name of the Vulnerable Software and Affected Versions: github-slug-action versions prior to 1.1.1 github-slug-action versions prior to 2.1.1 Description: The issue is related to the use of set-env runner commands processed via stdout. It is recommended to upgrade to a version that uses the...
CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...
GitHub Slug action 命令注入漏洞
GitHub Slug action is a tool for exposing the slug values of GitHub environment variables in GitHub workflows. A command injection vulnerability exists in GitHub Slug action version 4.0.0 through versions prior to 4.4.1. An attacker could use this vulnerability to execute code on the GitHub runne...
PT-2023-21224 · Github · Github-Slug-Action
Name of the Vulnerable Software and Affected Versions: github-slug-action versions 4.0.0 through 4.4.1 Description: The github-slug-action uses the github.head ref parameter in an insecure way, allowing any user on GitHub to trigger the vulnerability by creating a pull request with a branch name...