4 matches found
CVE-2023-52137
The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verify-changed-files workflow returns the list of files changed within a workflow execution. This could potentially allow...
CVE-2023-52137
CVE-2023-52137 affects the tj-actions/verify-changed-files GitHub Action. The vulnerability allows command injection through changed filenames returned by the verify-changed-files workflow, potentially enabling arbitrary code execution on the GitHub Runner and secret leakage when outputs are used...
verify-changed-files Input Verification Error Vulnerability
changed-files is used to track the relative paths returned from the project root for all changed files and directories associated with the target branch, previous commits, or the last remote commit. An input validation error vulnerability exists in versions prior to verify-changed-files 17.0.0,...
PT-2023-31929
Name of the Vulnerable Software and Affected Versions tj-actions/verify-changed-files versions prior to 17 Description The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The...