Description
gajira-create GitHub action vulnerable to arbitrary code execution
Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.
Patches
This issue is patched in gajira-create version 2.0.1.
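To find workflows still pinned below the patched release, the following added example (not part of the advisory or the gajira-create project) scans workflow YAML text for `atlassian/gajira-create` steps and classifies the pinned ref against 2.0.1. The sample workflow and the `vX.Y.Z` tag form are constructed assumptions; refs that are not full version numbers (branches, commit SHAs) are flagged for manual review rather than guessed.

```python
import re

# Matches a workflow step such as "- uses: atlassian/gajira-create@v2.0.0".
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?atlassian/gajira-create@([^\s'\"#]+)",
    re.I | re.M,
)
FIXED = (2, 0, 1)  # first patched version, per the advisory


def classify_ref(ref):
    """Return 'vulnerable', 'patched' or 'review' for the ref after '@'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", ref)
    if not m:
        # Branch names, major-only tags and commit SHAs carry no comparable
        # version, so they need a manual check of what they resolve to.
        return "review"
    return "vulnerable" if tuple(map(int, m.groups())) < FIXED else "patched"


def scan_workflow(text):
    """Return [(line_number, ref, verdict)] for every gajira-create step."""
    findings = []
    for m in USES_RE.finditer(text):
        line_no = text.count("\n", 0, m.start(1)) + 1
        findings.append((line_no, m.group(1), classify_ref(m.group(1))))
    return findings


# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
name: create-jira-issue
on:
  issues:
    types: [opened]
jobs:
  jira:
    runs-on: ubuntu-latest
    steps:
      - uses: atlassian/gajira-create@v2.0.0
      - uses: atlassian/gajira-create@v2.0.1
      - uses: atlassian/gajira-create@master
"""

if __name__ == "__main__":
    for line_no, ref, verdict in scan_workflow(SAMPLE):
        print(f"line {line_no}: @{ref} -> {verdict}")
```

Run `scan_workflow` over each file under `.github/workflows/` and update any step reported as `vulnerable` to 2.0.1 or later.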
Workarounds
There are no known workarounds.
References
Packages
Name
atlassian/gajira-create
actions
Affected versions: < 2.0.1
Fixed version: 2.0.1
Related vulnerabilities
CVSS3: 9.8
nvd
about 5 years ago
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.