action-docker-layer-caching

[Security] Workflow release.yml is using vulnerable action satackey/push-prebuilt-action

Open • igibek opened this issue 3 years ago • 1 comment

The workflow release.yml is referencing the action satackey/push-prebuilt-action using the reference v0.2.0-beta3. However, this reference is missing the commit 0c027b66503f3857cb4e5cfb71633cc54dbd1ec6, which may contain a fix for some vulnerability. The vulnerability fix that is missing from the action's version could be related to: (1) a CVE fix, (2) an upgrade of a vulnerable dependency, (3) a fix to a secret leak, and others. Please consider updating the reference to the action.

igibek, Dec 20 '21 03:12

@satackey

Hades32, May 20 '22 08:05