Hello maintainers,
I would like to report a potential vulnerability in your GitHub CI workflows.
Affected files:
- ArchieAtkinson/berth/.github/workflows/code-review.yml
Vulnerability:
- In job 'gemini-code-review', step 'PR Info', the attacker-controlled expression `${{ github.event.comment.body }}` is expanded directly into a `run:` shell script. The runner substitutes expression values into the script text before the shell parses it, so a comment containing shell metacharacters (for example a closing quote followed by `;`) is executed as commands on the runner, giving direct command execution to anyone who can comment on a pull request.
Thank you for your time and for maintaining this project.
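The following is an added illustration, not code from the report or from the berth repository: it simulates the runner's textual expansion of `${{ ... }}` to show why the pattern above is injectable, shows the standard fix of passing the value through `env:` so the shell only ever sees a variable, and includes a small grep-based audit for the same pattern in other workflow files. The payload, the `COMMENT` variable name and the sample workflow text are constructed for the demo.

```shell
#!/bin/sh
# Added example: GitHub Actions expression injection in a run: step.
# The runner expands ${{ ... }} textually into the script BEFORE bash parses it,
# so shell metacharacters in an event field become code. Passing the value via
# env: hands it over as a variable, which the shell never re-parses.

# Constructed attacker comment body (hypothetical payload).
PAYLOAD='"; echo INJECTED; echo "'

# Vulnerable pattern:  run: echo "comment: ${{ github.event.comment.body }}"
# Simulate the runner's textual expansion, then execute the resulting script.
run_vulnerable() {
  body=$1
  script="echo \"comment: $body\""
  sh -c "$script"
}

# Hardened pattern:
#   env:
#     COMMENT: ${{ github.event.comment.body }}   # COMMENT is an assumed name
#   run: echo "comment: $COMMENT"
# The script text is fixed; the body arrives as an environment variable.
run_hardened() {
  COMMENT=$1 sh -c 'echo "comment: $COMMENT"'
}

# Constructed minimal workflow modelled on the reported pattern (not the
# project's actual file), used to exercise the audit check below.
SAMPLE_WORKFLOW='name: review
on: issue_comment
jobs:
  gemini-code-review:
    runs-on: ubuntu-latest
    steps:
      - name: PR Info
        run: echo "Comment: ${{ github.event.comment.body }}"
'

# Audit check: print run: lines that splice commonly attacker-controlled event
# fields into the script. Exit status 0 when at least one hit is found.
# Caveat: only catches single-line run: values; a multi-line `run: |` block
# needs a YAML-aware scan.
find_untrusted_expressions() {
  printf '%s' "$1" | grep -nE 'run:.*\$\{\{[^}]*github\.event\.(comment\.body|issue\.(title|body)|pull_request\.(title|body)|head_commit\.message)'
}

echo "--- vulnerable step output (INJECTED appears on its own line) ---"
run_vulnerable "$PAYLOAD"
echo "--- hardened step output (payload printed as data) ---"
run_hardened "$PAYLOAD"
echo "--- audit hits in the constructed workflow ---"
find_untrusted_expressions "$SAMPLE_WORKFLOW"
```

To audit a real repository, pipe each file under `.github/workflows/` through `find_untrusted_expressions "$(cat file)"`; any hit should be rewritten to the `env:` form shown in the comments, or the field should be consumed only by an action input rather than a shell script.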