EPSS
Percentile
19.4%
@actions/core is vulnerable to command injection. The vulnerability exists in core.exportVariable function in core.ts which allows an attacker to inject and execute arbitrary assignments to variables.
core.exportVariable
core.ts
github.com/actions/toolkit/commit/4beda9cbc00ba6eefe387a937c21087ccb8ee9df
github.com/actions/toolkit/security/advisories/GHSA-7r3h-m5j6-3q42
vulmon.com/vulnerabilitydetails?qid=CVE-2022-35954