CVE-2023-26493
The CVE-2023-26493 case affects Cocos Engine and concerns a command-injection risk in the repository’s web-interface-check.yml workflow. The vulnerability arises when a pull request triggers a workflow containing the user-controlled field (${ { github.head_ref } }), enabling an attacker to potent...