CVE-2020-15228
CVE-2020-15228 affects the npm package @actions/core (pre-1.2.6). The vulnerability stems from addPath and exportVariable communicating with the Actions Runner via stdout in a specific format, allowing untrusted workflow data logged to stdout to modify PATH or environment variables. Mitigation: u...