Harden-Runner 安全漏洞

Harden-Runner is a program open source by StepSecurity. It provides network exit filtering and runtime security for both GitHub-hosted and self-hosted runners. Harden-Runner versions 2.15.1 and earlier contained security vulnerabilities, which stemmed from an exploit that allowed DNS queries to...

Harden-Runner 安全漏洞

Harden-Runner is a program open source by StepSecurity. It provides network exit filter and runtime security for both GitHub-hosted and self-hosted runners. Versions of Harden-Runner prior to 2.14.2 contained security vulnerabilities. These vulnerabilities allowed outbound network connections to...

CVE-2024-52587

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...

CVE-2024-52587 Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under...