Nick Leali

icon company Cisco icon location Cisco PSIRT incident manager. Co-Chair of FIRST CVSS SIG. Very, very amateur developer.

Results 3 issues of Nick Leali

Action pull-request.yml possibly vulnerable to RCE

**Describe the bug** The pull-request.yml is vulnerable to RCE via a malicious PR https://github.com/webex/webex-js-sdk/blob/next/.github/workflows/pull-request.yml See more information in the github blog https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ **To Reproduce** Steps to reproduce the behavior: While...

bug

CVSS v4.0 support

If this is still being maintained, support for v4.0 would be great! Would like to include this on the FIRST CVSS SIG public resources repo -- https://github.com/FIRSTdotorg/cvss-resources/

Automated threat check feature

We discussed on the CVSS SIG call today the potential for an expanded feature to check CISA KEV, supply EPSS, and otherwise contextualize more effectively the CVSS score. A similar...