
Fix potential Actions injection

Open jorgectf opened this issue 1 year ago • 0 comments

Branch names are user-controlled values that can contain special characters like `;`, allowing for command injection. By storing the branch names as environment variables, the interpolation is not done at the workflow level; instead, it's treated like a variable by bash.

jorgectf, Jan 19 '24 16:01
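As an added illustration of the pattern the issue describes (this is not a workflow from the octoforce-actions repository; the workflow and job names are hypothetical), the directly interpolated step beside the environment-variable form:

```yaml
# Added illustration, not octoforce-actions' own workflow. Job names are hypothetical.
name: ci
on:
  pull_request:

jobs:
  # Vulnerable: the Actions runner expands ${{ github.head_ref }} into the script
  # text *before* bash ever sees it. A branch name carrying shell metacharacters
  # therefore becomes part of the command line rather than an argument to it.
  unsafe:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Building ${{ github.head_ref }}"

  # Fixed: the runner places the value in the step's environment, and bash only
  # dereferences $BRANCH at runtime. Bash does not re-parse a variable's contents
  # as command syntax, so the branch name stays data. Keep the expansion quoted
  # ("$BRANCH") so word splitting and globbing do not apply to it either.
  safe:
    runs-on: ubuntu-latest
    steps:
      - env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Building $BRANCH"
```

The same env-then-reference pattern applies to any other untrusted context value used in a `run:` step (PR titles, commit messages, issue bodies), and to other shells the step may use, as long as the script reads the variable rather than interpolating it.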