Skip to content

Fix GitHub Actions script injection RCE in sanitize.yml#40

Draft
Copilot wants to merge 3 commits intomasterfrom
copilot/find-rce-0-day-vulnerability
Draft

Fix GitHub Actions script injection RCE in sanitize.yml#40
Copilot wants to merge 3 commits intomasterfrom
copilot/find-rce-0-day-vulnerability

Conversation

Copy link
Copy Markdown

Copilot AI commented Mar 31, 2026
edited
Loading

The changelog-format job interpolates changelog-reader-action outputs directly into a shell run: block via ${{ }}. The changes output contains arbitrary multi-line markdown from CHANGELOG.md, which is attacker-controlled on pull_request triggers. An attacker can terminate the cat << 'EOF' heredoc early and inject shell commands.

Vulnerability

# BEFORE — changes output is expanded inline before shell execution
run: |
    cat << 'EOF'
    ${{ steps.changelog_reader.outputs.changes }}
    EOF

A crafted CHANGELOG entry with EOF on its own line breaks the heredoc, and subsequent lines execute as shell commands on the runner.

Fix

  • .github/workflows/sanitize.yml: Move ${{ }} expressions from run: to env: block so values are passed as data, not code
# AFTER — values passed as environment variables
env:
  CL_CHANGES: ${{ steps.changelog_reader.outputs.changes }}
run: |
    echo "${CL_CHANGES}"

Exploitability analysis

Only the changes output is exploitable. version is constrained to /[a-zA-Z0-9.\-+]+/ by the action's parser, and status is one of four hardcoded strings.

POC

  • poc/poc.sh — simulates the vulnerable and fixed workflow steps locally, confirming RCE in the original and safe handling in the fix
  • poc/malicious_changelog.md — example payload
  • poc/README.md — full writeup

@commial
Fix GitHub Actions script injection RCE in sanitize.yml
5d0322f 
Move changelog-reader-action outputs from direct ${{ }} interpolation
in shell run: block to env: block, preventing shell injection via
crafted CHANGELOG.md content in pull requests.

Agent-Logs-Url: https://github.com/commial/MLA/sessions/94386c10-0fb7-460f-bcff-a5ebe81eea1a

Co-authored-by: commial <4194483+commial@users.noreply.github.com>
Copilot AI changed the title [WIP] Investigate potential RCE 0-day vulnerability in file handling Fix GitHub Actions script injection RCE in sanitize.yml Mar 31, 2026
Copilot AI requested a review from commial March 31, 2026 21:32
@commial
Add POC proving the script injection vulnerability is a true positive
5370aad 
The POC demonstrates:
- Vulnerable version: heredoc escape in CHANGELOG.md body achieves RCE
- Fixed version: env: block safely passes values as data, preventing injection

Includes poc.sh (runnable demo), malicious_changelog.md, and README.md writeup.

Agent-Logs-Url: https://github.com/commial/MLA/sessions/078c5afc-c9d0-493e-a78f-1d75faeb3e71

Co-authored-by: commial <4194483+commial@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@commial commial Awaiting requested review from commial

Assignees

@commial commial

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@commial