Using GitHub Actions ? Be Aware of this High-Severity Injection Bug Found in GitHub Actions
Felix Wilhelm of Google Project Zero found an injection Vulnerability affecting GitHub Actions and Workflow Commands specifically related to setting malicious environment variables by parsing STDOUT
Resources
https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
https://www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/
Create your
podcast in
minutes
It is Free