Tag: cve
CVE-2023-49291 and More – A Potential Actions Nightmare
I’ve been doing a lot of scanning and reporting of GitHub Actions injection and pwn request vulnerabilities throughout GitHub over the last year. Back in November, I discovered vulnerabilities in a reusable action used by thousands, which could be backdoored by anyone with a specially crafted pull request and used.…