Malicious code injection by compromised pull request branch names (github.com)
Sheldan@programming.dev to Programming@programming.dev · 6 months ago
FizzyOrange@programming.dev · 6 months ago
Where’s the code that doesn’t quote this properly? I’m guessing it’s Bash.
Thinker@lemmy.world · 6 months ago
Ding ding ding! We have a winner! It’s a third-party GitHub Action that is passing the branch name directly to Bash. So to be clear, not GitHub’s fault.
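The failure mode discussed in this thread, as an added example that is not code from the linked report or from the third-party Action: it contrasts pasting a branch name into the script text with passing it as an environment variable, and adds an allowlist check. The sample branch name and the function names `run_templated`, `run_via_env` and `is_plain_ref` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: stands in for an attacker-chosen pull request branch name.
BRANCH_NAME='feature/$(echo INJECTED)'

# Use bash when present (as the thread assumes), otherwise plain sh.
SH=$(command -v bash || command -v sh)

# Unsafe pattern: the value is pasted into the script text before the shell
# parses it. A workflow step whose run: script contains ${{ github.head_ref }}
# inline behaves this way, because the expression is expanded first.
run_templated() {
  script="echo \"Building $1\""
  "$SH" -c "$script"
}

# Safer pattern: the script text is fixed and the value arrives as data in an
# environment variable (env: BRANCH: ${{ github.head_ref }} in a workflow),
# expanded only inside double quotes.
run_via_env() {
  BRANCH="$1" "$SH" -c 'echo "Building $BRANCH"'
}

# Defence in depth: accept only names made of a conservative character set.
is_plain_ref() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    *) return 0 ;;
  esac
}

echo "templated: $(run_templated "$BRANCH_NAME")"
echo "via env:   $(run_via_env "$BRANCH_NAME")"
is_plain_ref "$BRANCH_NAME" || echo "rejected by allowlist: $BRANCH_NAME"
```

In the templated case the substitution inside the name is executed by the shell; in the environment-variable case the name is printed unchanged.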