Date: Mon, 23 Nov 2020 18:35:55 GMT
<p>Felix Wilhelm of Google Project Zero found an injection vulnerability affecting GitHub Actions workflow commands, specifically the setting of malicious environment variables through the parsing of STDOUT.</p> <p>Resources</p> <p>https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/</p> <p>https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids</p> <p>https://www.zdnet.com/article/google-to-github-times-up-this-unfixed-high-severity-security-bug-affects-developers/</p>