lychee-action vulnerable to arbitrary code injection in composite action

lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.

N/A

对生成代码的控制不恰当(代码注入)

Lychee 代码注入漏洞

Lychee是The Lychee Organisation开源的一个漂亮且易于使用的照片管理系统。用于管理和共享照片。 Lychee 2.0.2之前版本存在代码注入漏洞，该漏洞源于lychee-setup中可能存在任意代码注入。

N/A

N/A