There is a potential security issue with variable interpolation in the run: step in the GitHub Actions workflow file .github/workflows/publish-central.yml.
Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes for the environment variable, like this: "$ENVVAR".
Suggested change:
Relevant PR: #63
Comment URL: here
Requested by overheadhunter.
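
As an added example (not part of the original issue or the project's code), this small Python check flags github context expressions written directly into run: scripts, and leaves the env: form recommended above alone. The sample workflow, the TAG_NAME variable and the function name are constructed for illustration; the scan is line-based and assumes conventional YAML indentation rather than parsing YAML fully.

```python
import re

# ${{ ... }} expressions that read from the github context.
EXPR = re.compile(r"\$\{\{\s*(github\.[^}]*?)\s*\}\}")
# A "run:" key, optionally preceded by the "- " of a step list item.
RUN = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

# Constructed sample workflow: one flagged step, one using the env: pattern.
SAMPLE = """\
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Expression pasted into the script text
        run: |
          echo "Publishing ${{ github.event.release.tag_name }}"
      - name: Value passed through env and double-quoted
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
          echo "Publishing $TAG_NAME"
"""

def find_run_interpolations(workflow_text):
    """Return (line_number, expression) for every github-context expression
    that is interpolated into the text of a run: script."""
    findings = []
    run_col = None  # column of the active "run:" key, None when outside a script
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        # A non-blank line at or left of the run: key ends the script block.
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None
        match = RUN.match(line)
        if run_col is None and match:
            run_col = len(match.group(1))
            script_text = match.group(2)  # inline script, or "|" / ">" marker
        elif run_col is not None:
            script_text = line            # body line of a block-scalar script
        else:
            continue                      # env:, with:, name: etc. are not scanned
        for expr in EXPR.finditer(script_text):
            findings.append((lineno, expr.group(1)))
    return findings

if __name__ == "__main__":
    for lineno, expr in find_run_interpolations(SAMPLE):
        print(f"line {lineno}: {expr} is interpolated into a run: script")
```
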