Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- thiago4go/kubernetes-security-kcsa-mock/.github/workflows/question-fix-automation.yml
Vulnerability:
- In job 'process-question-issues', step 'Parse issue content and process question', the attacker-controlled inputs '${{ github.event.issue.title }}' and '${{ github.event.issue.body }}' are spliced into the run shell, leading to command injection.
Thank you for your time and for maintaining this project.
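The pattern this report describes, next to the usual fix, as an added example that is not part of the original report or the project's own workflow: a stdlib-only Python check that flags untrusted `${{ ... }}` expressions spliced into `run:` scripts. Both workflow snippets are constructed (only the job and step names come from the report), the list of untrusted contexts is an assumed subset, and `find_injections` is a hypothetical helper name.

```python
import re
# Contexts an external user controls directly (assumed subset, not exhaustive).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.(?:issue|pull_request|comment|review)\.(?:title|body)"
    r"|github\.head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, expression) for untrusted expressions inside run: scripts."""
    findings, run_indent = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_indent is not None and line.strip() and indent <= run_indent:
            run_indent = None  # dedent: the run: script has ended
        m = RUN_KEY.match(line)
        if run_indent is None and m:
            run_indent, body = len(m.group(1)), m.group(2)
        elif run_indent is not None:
            body = line  # a line of the multi-line run: script
        else:
            continue  # not inside a run: script (e.g. env:, with:)
        findings += [(no, e.group(1)) for e in UNTRUSTED.finditer(body)]
    return findings

# Constructed sample: the expression is expanded into the script text
# before the shell starts, so the issue title/body become shell source.
VULNERABLE = '''\
jobs:
  process-question-issues:
    steps:
      - name: Parse issue content and process question
        run: |
          echo "Title: ${{ github.event.issue.title }}"
          echo "Body: ${{ github.event.issue.body }}"
'''
# Constructed sample: values travel as environment variables (data), and
# the script only references quoted shell variables.
HARDENED = '''\
jobs:
  process-question-issues:
    steps:
      - name: Parse issue content and process question
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          echo "Title: $ISSUE_TITLE"
          echo "Body: $ISSUE_BODY"
'''
```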