Google Goes Public With Vulnerability After GitHub Dragged Its Feet
Google Project Zero (GPZ) has disclosed a serious vulnerability in GitHub’s Actions feature after the version control platform dragged its feet on fixing it. GPZ discovered an issue that makes GitHub Actions vulnerable to injection attacks and has labeled the vulnerability ‘high-severity’. According to GPZ’s Felix Wilhelm, any project that relies heavily on Actions could be vulnerable. The big problem with this feature is that it is highly vulnerable to injection attacks. As the runner process parses every line printed to STDOUT looking for workflow commands, every GitHub action that…