CVE-2023-28430
OneSignal GitHub Actions vulnerability CVE-2023-28430 enables an issue-closure workflow step to receive data from the issue title, using a repository token with full write permissions. This CodeQL-detected expression injection could let an attacker take over the GitHub Runner and execute commands...