Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tj-actions/changed-files command injection in output filenames
Vulnerability Description
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
changed-files 安全漏洞
Vulnerability Description
changed-files是用于跟踪与目标分支相关的所有已更改文件和目录、之前的提交或最后一次远程提交从项目根返回的相对路径。 changed-files 41.0.0之前版本存在安全漏洞,该漏洞源于存在命令注入漏洞。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A